
SID-00011: Switch to Digest Authentication

Status: Answered | TWiki version: 4.1.0 | Perl version: 5.008005
Category: CategoryAuthentication | Server OS: Linux 2.6.9-67.ELsmp #1 SMP | Last update: 15 years ago

My TWiki has been running using basic authentication and I've been trying to find out how to switch it to use digest authentication. I thought it might be as easy as just changing the twiki.conf file to use digest, but that didn't seem to work. I looked in /bin/configure but I'm not sure what needs changing.

On another note, is there a way to convert the original .htpassword file to be used with the digest authentication?

-- TWikiGuest - 05 Jan 2009

Discussion and Answer

You might need to write a new TWiki::LoginManager::DigestLogin Perl module. You could base it on the TWiki::LoginManager::ApacheLogin.

-- PeterThoeny - 05 Jan 2009

I'm new to this kind of stuff. Is there information on how to start creating a new module that you recommend? Where can I view TWiki::LoginManager::ApacheLogin?

-- TWikiGuest - 05 Jan 2009

In your TWiki installation: twiki/lib/TWiki/LoginManager/ApacheLogin.pm, also at SVN04x02:lib/TWiki/LoginManager/ApacheLogin.pm

-- PeterThoeny - 05 Jan 2009

Ah, you are on TWiki 4.1, so this would be twiki/lib/TWiki/Client/ApacheLogin.pm or SVN04x01:lib/TWiki/Client/ApacheLogin.pm.

-- PeterThoeny - 05 Jan 2009

Thanks, I was able to find it after a little extra searching. However, I don't see where it makes a check for the user and password, though I may not be looking closely enough as I haven't worked with Perl much, if at all.

-- TWikiGuest - 05 Jan 2009

Sorry, I gave you incomplete information. The login manager manages the login itself and delegates the password authentication to the password manager, default is TWiki::Users::HtPasswdUser. In your installation, twiki/lib/TWiki/Users/HtPasswdUser.pm or SVN04x01:lib/TWiki/Users/HtPasswdUser.pm

-- PeterThoeny - 05 Jan 2009

After going through a Perl tutorial and looking at both files, I'm still confused. Will a new LoginManager be needed for DigestLogin, a new PasswordManager for TWiki::Users::HtDigestUser?

-- TWikiGuest - 06 Jan 2009

I am not familiar with digest authentication. Not sure, you might need to create a TWiki::Client::DigestAuthLogin and a TWiki::Users::DigestAuthUser, or maybe just the former.

-- PeterThoeny - 06 Jan 2009

Well, according to the comments, TWiki::Users::HtPasswdUser supports both .htaccess and .htdigest files. I may take a deeper look at how it works. I may not need to make anything and just didn't configure it properly.

-- TWikiGuest - 06 Jan 2009

TWiki puts the email address at the end of each line for users in the .htpasswd file. I changed the password manager to do this and act pretty much the same way for htdigest files; however, when an attempt is made to log in, the email address is taken as part of the hashed values and they have to be removed for a successful login. How do logins for .htpasswd files not have this problem?

-- TWikiGuest - 09 Jan 2009

TWiki::Users::HtPasswdUser does some special handling to manage e-mail addresses. Apache's basic auth is aware of the second colon, e.g. ignores stuff after that. Not sure if digest auth does that.

-- PeterThoeny - 09 Jan 2009

The final part of this solution ended up being that I needed to change mod_auth_digest.c and recompile it. Just before the last if statement in

    *get_hash(request_rec *r, const char *user, const char *realm, const char *auth_pwfile)

I added

    rpw = ap_getword(r->pool, &rpw, ':');

and within the last if statement returned rpw instead of apr_pstrdup(r->pool, rpw);.

-- TWikiGuest - 15 Jan 2009

Thanks for sharing the solution with the TWiki community!

-- PeterThoeny - 15 Jan 2009
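
The effect of the change described in the 15 Jan 2009 post, shown as an added example that is not part of the thread and is not Apache or TWiki code: a digest password entry with a trailing e-mail field is looked up with and without the extra field split. The helper names (next_field, lookup_hash, is_ha1) and the sample line are constructed for illustration; next_field is a plain-C stand-in for ap_getword.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample entry: user:realm:hash plus the trailing e-mail field
 * the thread describes. The hash is a placeholder, not a real digest. */
static const char SAMPLE[] =
    "alice:TWiki:0123456789abcdef0123456789abcdef:alice@example.com";

/* Stand-in for ap_getword(): copy text up to `stop`, advance past it. */
static void next_field(const char **line, char stop, char *out, size_t outsz)
{
    const char *end = strchr(*line, stop);
    size_t n = end ? (size_t)(end - *line) : strlen(*line);
    size_t c = n < outsz - 1 ? n : outsz - 1;
    memcpy(out, *line, c);
    out[c] = '\0';
    *line += n + (end ? 1 : 0);
}

/* Find the entry for user/realm and copy out its hash field. */
static int lookup_hash(const char *entry, const char *user, const char *realm,
                       int strip_extra, char *hash, size_t hashsz)
{
    char u[64], r[64];
    const char *rest = entry;
    next_field(&rest, ':', u, sizeof u);
    next_field(&rest, ':', r, sizeof r);
    if (strcmp(u, user) != 0 || strcmp(r, realm) != 0)
        return 0;
    if (strip_extra)
        next_field(&rest, ':', hash, hashsz); /* poster's change: stop at next ':' */
    else
        snprintf(hash, hashsz, "%s", rest);   /* whole remainder, e-mail included */
    return 1;
}

/* An htdigest hash is MD5(user:realm:password): 32 lowercase hex digits. */
static int is_ha1(const char *s)
{
    return strlen(s) == 32 && strspn(s, "0123456789abcdef") == 32;
}

int main(void)
{
    char h[128];
    for (int strip = 0; strip <= 1; strip++)
        if (lookup_hash(SAMPLE, "alice", "TWiki", strip, h, sizeof h))
            printf("strip_extra=%d hash=\"%s\" well-formed=%d\n", strip, h, is_ha1(h));
    return 0;
}
```

Without the extra split, the value compared against the client's response carries the e-mail suffix and can never match; a length and hex check like is_ha1 catches such entries before they cause silent login failures.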

SupportForm
Status: Answered
Title: Switch to Digest Authentication
SupportCategory: CategoryAuthentication
TWiki version: 4.1.0
Server OS: Linux 2.6.9-67.ELsmp #1 SMP
Web server: Apache/2.0.52
Perl version: 5.008005
Topic revision: r13 - 2009-01-15 - PeterThoeny