duanhegn231318 2012-03-18 19:44
浏览 79

使用blowfish加密验证MySQL

I've my usernames and passwords stored in a mysql db with blowfish encrption. In php I can encrypt the password like this:

crypt($pwd, _SALT_)

where $pwd = 'userpwd' and _SALT_ = $2a$07...

I'm looking for a way to use the user-table also in a VirtualHost with mod_auth_mysql. I know it's possible with md5 using Auth_MySQL_Encryption_Types PHP_MD5 but I'd rather stay with blowfish.

How do I tell mysql_auth to use blowfish? And where do I enter the salt?

EDIT:

Basic problem here is that I have to use a '_' between the key words in the vhost file. So it looks like:

<Location /webdav>
AuthType Basic
AuthName "jst-development"
AuthUserFile /dev/null
AuthBasicAuthoritative Off
Auth_MySQL on
Auth_MySQL_Authoritative on
Auth_MySQL_DB user
Auth_MySQL_User user
...

instead of [taken from http://modauthmysql.sourceforge.net/CONFIGURE]

AuthMySQLDB authdata
AuthMySQLUserTable user_info
AuthMySQLGroupField user_group

to stop apache complaining about the syntax. can someone tell me why or tell me the '_'-syntax for AuthMySQLSaltField <>

//EDIT 2: Version: libapache2-mod-auth-mysql (4.3.9-13ubuntu1)

//EDIT 3: Server version: Apache/2.2.14 (Ubuntu) Exact error when using the 'official syntax' without '_': Invalid command 'AuthMySQLDB', perhaps misspelled or defined by a module not included in the server configuration

  • 写回答

3条回答 默认 最新

  • dongshi8425 2012-03-18 20:32
    关注

    use

    AuthMySQLPwEncryption crypt
    

    http://modauthmysql.sourceforge.net/CONFIGURE

    AuthMySQLPwEncryption none | crypt | scrambled | md5 | aes | sha1
      The encryption type used for the passwords in AuthMySQLPasswordField:
        none: not encrypted (plain text)
        crypt: UNIX crypt() encryption
        scrambled: MySQL PASSWORD encryption
        md5: MD5 hashing
        aes: Advanced Encryption Standard (AES) encryption
        sha1: Secure Hash Algorihm (SHA1)
    
      WARNING: When using aes encryption, the password field MUST be a BLOB type
      (i.e.  TINYBLOB).  MySQL will strip trailing x'20' characters (blanks), EVEN
      IF THE COLUMN TYPE IS BINARY!
    
    AuthMySQLSaltField <> | <string> | mysql_column_name
    
      Contains information on the salt field to be used for crypt and aes
      encryption methods.  It can contain one of the following:
        <>: password itself is the salt field (use with crypt() only)
        <string>: "string" as the salt field
        mysql_column_name: the salt is take from the mysql_column_name field in the
          same row as the password
    
      This field is required for aes encryption, optional for crypt encryption.
      It is ignored for all other encryption types.
    
    评论

报告相同问题?

悬赏问题

  • ¥20 怎么在stm32门禁成品上增加记录功能
  • ¥15 Source insight编写代码后使用CCS5.2版本import之后,代码跳到注释行里面
  • ¥50 NT4.0系统 STOP:0X0000007B
  • ¥15 想问一下stata17中这段代码哪里有问题呀
  • ¥15 flink cdc无法实时同步mysql数据
  • ¥100 有人会搭建GPT-J-6B框架吗?有偿
  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 解riccati方程组