apache: enable password encryption

Problems with the Windows version of XAMPP, questions, comments, and anything related.

apache: enable password encryption

Postby jonas-e » 23. July 2010 15:10

Hi there!

I have xampp locally on my winxp machine for development and my remote host provides a linux-based platform.

I have made an .htacces-file and an .thpasswd-file in a directory - except on my xampp-installation the .htpasswd is not encrypted - i.e.
Code: Select all
user:user

While on the remote host:
Code: Select all
user:hal/Gtt93qGmc


That makes it a lot harder to keep my dev-site and production-site in sync. Any suggestions how to enbale the password-encryption on my local apache? (I've tried googling quite a bit of course).

/cheers
jonas-e
 
Posts: 9
Joined: 23. July 2010 15:01

Re: apache: enable password encryption

Postby JonB » 23. July 2010 23:24

In the apache\bin folder is the commandline utility htpasswd.exe, which may offer a solution.

BUT I'm not 100% on board with this yet. :roll:

:mrgreen:
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: apache: enable password encryption

Postby jonas-e » 24. July 2010 12:36

Hello again - and thanks for the advice both of you!

Creating new users+password works fine this way according to your suggestions:
Code: Select all
htpasswd.exe -b .htpasswd user user


But that is not really what I need. My xampp/apache installation does not USE encrypted passwords. If put the following in my .htpasswd on my localhost:
Code: Select all
user:$apr1$fz7EFMWw$yF7b/ocHZvtmvqOy42SpZ.

- my localhost will prompt me for it and I will have to type the value "$apr1$fz7EFMWw$yF7b/ocHZvtmvqOy42SpZ." into the dialogue - while on the remote host I type the value "user" into it - both servers using the EXACT same .htpasswd file! (tried both ANSI and UTF-8 encoding the file - doesn't make a difference).

So what I need is to configure my localhost apache to USE the encryption ... :?
jonas-e
 
Posts: 9
Joined: 23. July 2010 15:01

Re: apache: enable password encryption

Postby JonB » 25. July 2010 21:42

Hi

I kinda held my fire earlier to see if your experiment would bear fruit where mine have not so far.

Below is my original draft: (BUT I had not taken time to do the test you just did That was why I said this:
"I'm not 100% on-board with this yet". - it was on the agenda for this afternoon, now that laundry is done - but you beat me to it. :shock: )
----------------------------->
Using basic authentication on WINDOWS - AFAIK you can't, I'm pretty sure from my research that the Apache (ASF) released mod_auth is reliant on a *nix system call that is not available on Windows (base64encode). There is an IIS-specific handler for this, but I am unaware of any for the ASF Apache for Windows binaries. If you (or anyone else) locate(s) one, I'd be very interested myself. :!:

I'm a cross platform specialist (IIS & Apache), so I have the same issues, :wink:

Good Luck
8)

also see this:
Code: Select all
http://msdn.microsoft.com/en-us/library/aa388178(VS.85).aspx

http://helicontech.blogspot.com/2009/02 ... ation.html
(methinks wole is wong LOL)

:mrgreen:
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: apache: enable password encryption

Postby jonas-e » 27. July 2010 10:07

Thanks a bundle JonB. I thought there was a straight forward easy solution for this - e.g. "Just add this line to the .conf-file and restart Apache". But apparently there isn't. To bad .. :(

Well, it's a luxury problem - my local site doesn't have to be protected. I just have to remember to rename my tmp.htacces to .htacces on the remote host ...
jonas-e
 
Posts: 9
Joined: 23. July 2010 15:01

Re: apache: enable password encryption

Postby JonB » 27. July 2010 13:01

Yanno - you might have just pointed out a 'fix' -

the password and access directives files can have any name you choose actually --

Presto - no renaming !

8)
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: apache: enable password encryption

Postby jonas-e » 27. July 2010 15:32

Eeh - I don't get that ..?
jonas-e
 
Posts: 9
Joined: 23. July 2010 15:01

Re: apache: enable password encryption

Postby JonB » 27. July 2010 22:18

You can change the file naming convention for access directives in Apache.

Its an Apache directive itself, LOL sorta: foo(foo)

God - that it bad - but I always get a kick out of the 'foo' stuff. HEY I did Unix befo' there was a 'doze' - I can make stupid unix jokes.

OK seriously its - AccessFileName

http://httpd.apache.org/docs/2.0/mod/core.html

sooo - you have your XAMPPY set to use .htwin

AccessFileName .htwin

I'm pretty sure would need to be added to httpd.conf on local XAMPP. (or it can be donr in a vhost)

THEN you make your directives in the .htwin files point at the plaintext (unencrypted) .htwinpassword file.

And leave your LAMP 'real server' set to read .htaccess and .htpassword (as it does now)

BOTH are protected against download by a FILES block by default.

(drumroll) ~ Ta DA ~

the two directive sets would be mirrors OTHER than the password filenames.

One downside -- still have to sync them at least once.


I have a JonB confidence level of 99.5% on this one...

:mrgreen:

where's my Guiness? hehehe
User avatar
JonB
AF Moderator
 
Posts: 3210
Joined: 12. April 2010 16:41
Location: Land of the Blazing Sun
Operating System: Windows XP/7 - Fedora 15 1.7.7

Re: apache: enable password encryption

Postby Altrea » 28. July 2010 05:48

JonB wrote:I'm pretty sure would need to be added to httpd.conf on local XAMPP

apache\conf\extra\httpd-default.conf line 45 ;)

JonB wrote:I have a JonB confidence level of 99.5% on this one...

:mrgreen: :mrgreen:
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8290
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: apache: enable password encryption

Postby jonas-e » 28. July 2010 06:41

Thanks for your help folks!
jonas-e
 
Posts: 9
Joined: 23. July 2010 15:01


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 68 guests