SID-00011: Switch to Digest Authentication
Status: |
Answered |
TWiki version: |
4.1.0 |
Perl version: |
5.008005 |
Category: |
CategoryAuthentication |
Server OS: |
Linux 2.6.9-67.ELsmp #1 SMP |
Last update: |
15 years ago |
My twiki has been running using basic authentication and i've been trying to find out how to switch it to use digest authentication. I thought it might be as easy as just changing the twiki.conf file to use digest but that didn't seem to work. I looked in /bin/configure but i'm not sure what needs changing.
On another note is there a way to convert the original .htpassword file to be used with the digest authentication?
--
TWikiGuest - 05 Jan 2009
Discussion and Answer
You might need to write a new
TWiki::LoginManager::DigestLogin
Perl module. You could base it on the
TWiki::LoginManager::ApacheLogin
.
--
PeterThoeny - 05 Jan 2009
I'm new to this kind of stuff. Is there information on how to start creating a new module that you recommend? Where can i view
TWiki::LoginManager::ApacheLogin
?
--
TWikiGuest - 05 Jan 2009
In your TWiki installation:
twiki/lib/TWiki/LoginManager/ApacheLogin.pm
, also at
SVN04x02:lib/TWiki/LoginManager/ApacheLogin.pm
--
PeterThoeny - 05 Jan 2009
Ah, you are on TWiki 4.1, so this would be
twiki/lib/TWiki/Client/ApacheLogin.pm
or
SVN04x01:lib/TWiki/Client/ApacheLogin.pm.
--
PeterThoeny - 05 Jan 2009
Thanks i was able to find it after a little of extra searching. However i don't see where it makes a check for the user and password, though i may not be looking closely enough as i haven't worked with perl much if at all.
--
TWikiGuest - 05 Jan 2009
Sorry, I gave you incomplete information. The login manager manages the login itself and delegates the password authentication to the password manager, default is TWiki::Users::HtPasswdUser. In your installation,
twiki/lib/TWiki/Users/HtPasswdUser.pm
or
SVN04x01:lib/TWiki/Users/HtPasswdUser.pm
--
PeterThoeny - 05 Jan 2009
After going though a perl tutorial and looking at both files i'm still confused. Will a new
LoginManager be need for
DigestLogin, a new
PasswordMangaer for TWiki::Users::HtDigestUser?
--
TWikiGuest - 06 Jan 2009
I am not familiar with digest authentication. Not sure, you might need to create a
TWiki::Client::DigestAuthLogin
and a
TWiki::Users::DigestAuthUser
, or may be just the former.
--
PeterThoeny - 06 Jan 2009
well according to the comments TWiki::Users::HtPasswdUser supports both .htaccess and .htdigest files. I may take a deeper look at how it works. I may not need to make anything and just didn't configure it properly.
--
TWikiGuest - 06 Jan 2009
Twiki puts email address at the end of each line for users in the .htpasswd file. I changed the password manager to do this and act pretty much the same way for htdigest files, however when an attempt is made to login the email address is taken as part of the hashed values and they have to be removed for a successful login. How do logins for .htpasswd files not have this problem?
--
TWikiGuest - 09 Jan 2009
TWiki::Users::HtPasswdUser
does some special handling to manage e-mail addresses. Apache's basic auth is aware of the second colon, e.g. ignores stuff after that. Not sure if digest auth does that.
--
PeterThoeny - 09 Jan 2009
The final part of this solution ended up that i needed to change mod_auth_digest.c and recomplie it. Just before the last if statement in
*get_hash(request_rec *r, const char *user, const char *realm, const char *auth_pwfile)
I added
rpw = ap_getword(r->pool, &rpw, ':');
and within the last if statement returned
rpw
instead of
apr_pstrdup(r->pool, rpw);
.
--
TWikiGuest - 15 Jan 2009
Thanks for sharing the solution with the TWiki community!
--
PeterThoeny - 15 Jan 2009
If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.