Page 1 of 2

Webdav - standard password dont work

PostPosted: 28. March 2006 12:55
by systemworks
mayby another people have the same problem as I
i tried webdav but the standard password dont work wampp,Xampp
any ideas ?

PostPosted: 31. August 2006 10:14
by ocifant
Did you ever resolve this? I'm having the same problem.

Installed xampp and all is well. I'm now trying to get Mozilla Sunbird to share a calendar file, but when I try to publish, it asks for the user/password combination for DAV_upload and won't recognise the wampp/xampp combination at all.

I tried to add another user to the C:\Program Files\xampp\security\htpasswd.webdav file, but this gives the same results. It just keeps asking for the user/password combination.

The htpasswd.webdav file contents are as follows:
Code: Select all
wampp:XAMPP with WebDAV:bc7f2b670e7e965e307feb30492e642e
alan:yF.aWqsafAWBo

I'm totally new to WebDAV so any help at all would be appreciated.

PostPosted: 31. August 2006 10:23
by Izzy
I am totally new to Dav but I know you can't change anything manually in a htpasswd file as it is encrypted.

However in xampp/apache/conf/extra/httpd-dav.conf there is some info about how to create a password database. Take a look at it and see if you can make any sense of it.

This is what my htpasswd looks like and it is the default and has not been changed at all so it is still wampp/xampp - yours looks like it has been changed with a user name of alan:
Code: Select all
wampp:XAMPP with WebDAV:bc7f2b670e7e965e307feb30492e642e

Maybe delete this from your htpasswd file and try and publish again:
alan:yF.aWqsafAWBo

You may have to add your Browser Match to the above conf file but not sure on all this DivDav stuff. :)

Failing that a Google search might come up with some goodies also.

Good Luck.

PostPosted: 31. August 2006 11:53
by ocifant
Yeah, I tried with the standard file first. It didn't match, so I added the Alan entry. I've added entries like this to standard .htpasswd files before, so it's not the actual entry that's at fault here.

It's something in xampp/WebDAV that doesn't seem to be connecting for some reason, and I can't fathom it out.

The Sunbird side of things (googled) is reasonably straightforward, it's the server side of things I'm having problems with, and I just can't make sense of the stuff I've googled on that aspect of things :oops:

PostPosted: 31. August 2006 12:47
by ocifant
And here's the error.log entry for my attempts:
Code: Select all
[Thu Aug 31 12:43:14 2006] [error] [client 192.168.0.2] user wampp: authentication failure for "/webdav/dairy.ics": Password Mismatch


So it looks as if the standard password encryption isn't working under Windows XP SP2 ?

Any thoughts as to how I get round this one?

Resolved!!

PostPosted: 31. August 2006 14:01
by ocifant
I found this on http://www.apacheweek.com/issues/99-01-29#encrypted :
In all current releases of Apache for Windows, passwords in .htpasswd files are stored unencrypted. This is because Windows does not contain a standard function for encrypting strings (on Unix, the crypt() function does this).

I ran a quick test by adding a test:test line to my htpasswd.webdav file, and all is now working!

Security? Who needs it? ;-)

PostPosted: 01. September 2006 07:22
by Izzy
XAMPP uses encrypted passwords using the htpasswd.exe default of MD5.
Code: Select all
C:\xampp\apache\bin>htpasswd
Usage:
        htpasswd [-cmdpsD] passwordfile username
        htpasswd -b[cmdpsD] passwordfile username password

        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password (default).
 -d  Force CRYPT encryption of the password.
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
 -D  Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.

Note the bit about On Windows above.

This quote from the link you provided which you should really have quoted in full as your little snippet is a tad misleading.
Apache Week wrote:Encrypted passwords on Windows

In all current releases of Apache for Windows, passwords in .htpasswd files are stored unencrypted. This is because Windows does not contain a standard function for encrypting strings (on Unix, the crypt() function does this). Now string encryption has been added to Apache using the MD5 algorithm. This means that encrypted passwords can now be used with Apache. The Apache server and the htpasswd program have both been updated to work with MD5 encrypted passwords. On Windows, all passwords will now be encrypted with MD5. Unix will default to using crypt() for encrypting passwords, although it is possible to use MD5 instead (using the new -m option to htpasswd).



To see it working on XAMPP Apache in Windows XP type, at a command prompt in:
xampp/apache/bin/htpasswd -n -m anyname

It will prompt twice for a password - just enter anyname twice.
Then the username anything with an encrypted password of anything will be displayed.
anyname:$apr1$Pd4.....$KFwyF4oDeNpA25hBkTbqW0

You can Mark, Copy and Paste by clicking on the little icon in the top border left hand side of the console window and then select Edit, if required, to a .htpasswd file of your choice. It is now MD5 encrypted, which is acceptable to Apache in Windows.

Neither the WebDavdoodah :) password nor your alan password were MD5 encrypted so they were thrown out by Apache on Windows.
wampp:XAMPP with WebDAV:bc7f2b670e7e965e307feb30492e642e
alan:yF.aWqsafAWBo

I hope this has cleared this up for those who are not sure about WebDav or indeed any encrypted password in XAMPP for Windows.

You can now be secure again if you wish and full marks for your diligent research on this password issue. :)

PostPosted: 01. September 2006 07:55
by ocifant
Thanks for that explanation. For once it makes everything clear :)

My use of webdav is only for a home network, so I'm not too worried about the security side at the moment - it's just for me and the wife!

And it seems to be working fine in the clear...

Sunbird: 500: Internal Server Error

PostPosted: 04. September 2006 07:48
by linorg
I have kind of the same problem. With a default install of XAMPP I am trying to get write permissions to a calender file in the webdav directory using Sunbird.

Read permissions work fine, but using the default username/password to edit the file returns a "Status code: 500: Internal Server Error".

I have tried the different techniques described there, but with same result.

Anybody have any ideas?

PostPosted: 04. September 2006 07:54
by ocifant
I'll confess that keeping the password in the clear works for me, but that solution obviously wouldn't suit everyone...

Re: Sunbird: 500: Internal Server Error

PostPosted: 04. September 2006 07:58
by Izzy
linorg wrote:...Read permissions work fine, but using the default username/password to edit the file returns a "Status code: 500: Internal Server Error"...Anybody have any ideas?

When ever you get a server 500 error check your xampp/apache/logs/error.log as there will be more info about the error that will give you some clues.

Re: Sunbird: 500: Internal Server Error

PostPosted: 04. September 2006 08:31
by linorg
Izzy wrote:When ever you get a server 500 error check your xampp/apache/logs/error.log as there will be more info about the error that will give you some clues.


I checked the log:

[Mon Sep 04 09:14:12 2006] [error] [client 192.168.0.53] (OS 2)The system cannot find the file specified. : Could not open password file: C:/Program Files/Services/XAMPP/xampp/security/htpasswd.webdav

The path is correct. I have set the permissions to everyone, read & execute. But it still reports the same error.

Do I need to set permissons to a specific user account (SYSTEM / Autheinticated users etc.)?

PostPosted: 04. September 2006 08:35
by ocifant
Are you sure your password file is called htpasswd.webdav ?

Or is it webdav.htpasswd ?? ;-)

PostPosted: 04. September 2006 08:44
by linorg
ocifant wrote:Are you sure your password file is called htpasswd.webdav ?

Or is it webdav.htpasswd ?? ;-)


Brilliant ocifant! I did'nt even notice that, but you are right! My file was called webdav.htpasswd.

A simple copy and rename solved it!

PostPosted: 29. October 2006 17:28
by fabi_cosentino
linorg wrote:
ocifant wrote:Are you sure your password file is called htpasswd.webdav ?

Or is it webdav.htpasswd ?? ;-)


Brilliant ocifant! I did'nt even notice that, but you are right! My file was called webdav.htpasswd.

A simple copy and rename solved it!


Hi!!!! I have the same problem!!!! I'm almost crazy :(
Hoe do you rename the file? I can't rename the file with this extension!!
Thanks a lot!!!
REgards, Fabiana