LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices



Reply
 
Search this Thread
Old 12-31-2005, 03:03 AM   #1
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Rep: Reputation: 41
Apache does not accept username/password


i have configured Apache+SNORT+MySql+PHP+ACID on a machine.
I want to have user authentication for those accessing the ACID page
i added entries in httpd.conf to allow 2 users (and made all necessary configurations my makeing the .htpasswd, .htgroup files in /var/www/html/acid/ directory)
When i run ACID,it does not log in!! the http error logfile said
Code:
[Sat Dec 31 12:01:31 2005] [error] [client xx.xx.xx.xx] MySQL ERROR: Table 'test.user_info' doesn't exist: /acid/acid_main.php
[Sat Dec 31 12:01:31 2005] [error] [client xx.xx.xx.xx] MySQL user <user_name> not found: /acid/acid_main.php
so i created a table user_info in the test database (i dont know why it gave this error!! but can i do without adding the user in mysql database?) and had columns 'user_name' and 'user_password'
I added the required users in the database but gave cleartext password (dint know how to go about this field, but I'm sure this is not the right way..) now the error says
Code:
[Sat Dec 31 12:54:33 2005] [error] [client xx.xx.xx.xx] user <user_name>: password mismatch: /acid/acid_main.php
whats the solution? Thanks in advance for any help
 
Old 12-31-2005, 08:43 AM   #2
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
well did u try out with the htpasswd command??
or just created the files and entered the passwords??

regards
 
Old 01-01-2006, 01:22 PM   #3
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Original Poster
Rep: Reputation: 41
i did that with htpasswd
only mysql entries i added by hand.
 
Old 01-01-2006, 11:55 PM   #4
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
ok so when u used htpasswd

where did it gave u problems?
did u get the username/password box while accesing that page?
if u got that box then u cna check the apache log and see what error did it encounter and did not allow you to login

regards
 
Old 01-02-2006, 12:27 AM   #5
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Original Poster
Rep: Reputation: 41
Yes it did give a username/passwd box when accessing the page.. but it seemed it did not accept the username/passwd and the window came up again. while refering to the logs, i could see the error that i have enclosed in the 'code' block in my first post(of'course xx.xx.xx.xx was where my actual ip was..). The error indicated that it wanted a mysql entry!! So i created the table (i've given the details in my first post )
 
Old 01-02-2006, 12:31 AM   #6
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
can u post the entry in httpd.conf where you have specified the option for password protecting your page

did u use mysql+htpasswd??

regards
 
Old 01-02-2006, 12:58 AM   #7
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Original Poster
Rep: Reputation: 41
the snip if httpd.conf..
Code:
<..snip..>
<Directory /var/www/html/acid>
        AllowOverride AuthConfig
        AuthName "ACID LOGIN"
        AuthType Basic
        AuthUserFile /var/www/httpd/acid/.htpasswd
        AuthGroupFile /var/www/httpd/acid/.htgroup
        require group acid-members
</Directory>
<..snip..>
the snip of /var/www/html/acid/.htgroup
Code:
acid-members:user1 user2
edit:
Quote:
did u use mysql+htpasswd??
Initially i had not.. i only added the mysql entry after looking at the error log

Last edited by logicalfuzz; 01-02-2006 at 12:59 AM.
 
Old 01-02-2006, 02:45 AM   #8
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
pl. also post ut htpaswd command that u used

regards
 
Old 01-02-2006, 05:37 AM   #9
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Original Poster
Rep: Reputation: 41
Code:
htpasswd -c /var/www/html/acid/.htpasswd user1
htpasswd /var/www/html/acid/.htpasswd user2
 
Old 01-02-2006, 06:07 AM   #10
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
well see the difference here

AuthUserFile /var/www/httpd/acid/.htpasswd
AuthGroupFile /var/www/httpd/acid/.htgroup

and here

htpasswd -c /var/www/html/acid/.htpasswd user1
htpasswd /var/www/html/acid/.htpasswd user2

regards
 
Old 01-02-2006, 09:38 AM   #11
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Original Poster
Rep: Reputation: 41
oops sorry, the directory /var/www/html/acid is the valid directory and i have corrected the entries in httpd.conf file and restarted httpd service. But still i am not able to authenticate!!!
 
Old 01-02-2006, 10:06 AM   #12
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
please post the log from error/info file log of apache

i too have faced such problems and the logs have always come to my rescue

regards
 
Old 01-02-2006, 10:43 AM   #13
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Original Poster
Rep: Reputation: 41
After editing the httpd.conf file to correct the address entry, i droped the table user_info in the mysql database. Shown below is the error log after doing the above changes..
Code:
[root@saturn mydir]# tail /var/log/httpd/error_log
[Mon Jan 02 20:12:13 2006] [notice] caught SIGTERM, shutting down
[Mon Jan 02 20:12:16 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Jan 02 20:12:17 2006] [notice] Digest: generating secret for digest authentication ...
[Mon Jan 02 20:12:17 2006] [notice] Digest: done
[Mon Jan 02 20:12:17 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Mon Jan 02 20:12:17 2006] [notice] LDAP: SSL support unavailable
[Mon Jan 02 20:12:17 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Mon Jan 02 20:12:17 2006] [notice] Apache/2.0.52 (Red Hat) configured -- resuming normal operations
[Mon Jan 02 20:12:33 2006] [error] [client 172.17.2.22] MySQL ERROR: Table 'test.user_info' doesn't exist: /acid/acid_main.php
[Mon Jan 02 20:12:33 2006] [error] [client 172.17.2.22] MySQL user infosec not found: /acid/acid_main.php
After this i again created the table user_info in test database (with keys user_name and user_password) with the same username that is used to log into snort database in mysql while accessing ACID. Of'course i again inserted the password in cleartext!! Heres the error log as of how it looks after this change.
Code:
[root@saturn mydir]# tail /var/log/httpd/error_log
[Mon Jan 02 21:04:55 2006] [error] [client 172.17.2.22] user infosec: password mismatch: /acid/acid_main.php
[Mon Jan 02 21:11:50 2006] [notice] caught SIGTERM, shutting down
[Mon Jan 02 21:11:51 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Jan 02 21:11:52 2006] [notice] Digest: generating secret for digest authentication ...
[Mon Jan 02 21:11:52 2006] [notice] Digest: done
[Mon Jan 02 21:11:52 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Mon Jan 02 21:11:52 2006] [notice] LDAP: SSL support unavailable
[Mon Jan 02 21:11:52 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Mon Jan 02 21:11:53 2006] [notice] Apache/2.0.52 (Red Hat) configured -- resuming normal operations
[Mon Jan 02 21:12:41 2006] [error] [client 172.17.2.22] user infosec: password mismatch: /acid/acid_main.php
edit: is this a problem with Apache 2.0? My coleague, it seems, did not have any problems with apache 1.x

Last edited by logicalfuzz; 01-03-2006 at 12:09 AM.
 
Old 01-03-2006, 12:16 AM   #14
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
the error that u have indicated does not suggest that you got an access denied request

there is some problem with mysql entries

what do u get for

service httpd restart

does it go fine if u do that for 2-3 times
do u get service failure ??

also there is a snort config manaul for centOS,so it will work for redhat too
lookout for that from the snort website

regards
 
Old 01-03-2006, 04:31 AM   #15
logicalfuzz
Member
 
Registered: Aug 2005
Distribution: Arch Linux
Posts: 291

Original Poster
Rep: Reputation: 41
service httpd restart gives
Code:
[root@saturn mydir]# /sbin/service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
Error file tail is..
Code:
[root@saturn mydir]# tail /var/log/httpd/error_log
[Mon Jan 02 21:15:05 2006] [error] [client 172.17.2.22] user user1: password mismatch: /acid/acid_main.php
[Mon Jan 02 21:15:27 2006] [error] [client 172.17.2.22] user user1: password mismatch: /acid/acid_main.php
[Tue Jan 03 14:17:03 2006] [notice] caught SIGTERM, shutting down
[Tue Jan 03 14:17:08 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 03 14:17:09 2006] [notice] Digest: generating secret for digest authentication ...
[Tue Jan 03 14:17:09 2006] [notice] Digest: done
[Tue Jan 03 14:17:09 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Tue Jan 03 14:17:09 2006] [notice] LDAP: SSL support unavailable
[Tue Jan 03 14:17:09 2006] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Jan 03 14:17:10 2006] [notice] Apache/2.0.52 (Red Hat) configured -- resuming normal operations
[root@saturn mydir]#
The problem is not specific to snort/ACID.. I had faced the same problem while doing it for normal web-pages. Last time was for a personal purpose. But this time I really need an authenticated user to view the ACID page in my organisation.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Screen saver doesn't accept password gargamel Slackware 2 02-27-2005 09:09 AM
Samba - folders asking for password but wont accept blink_00 Linux - Newbie 2 12-04-2004 01:38 AM
su doesn't accept my password CGameProgrammer Linux - General 7 10-13-2004 01:07 PM
Mysql shell only accept blank password? robertoneto123 Linux - Networking 0 01-09-2004 03:42 PM
su root doesn't accept password Scheike Linux - General 2 09-10-2003 07:38 AM


All times are GMT -5. The time now is 11:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration