Re: mod_auth_pgsql

Joey M schrieb:
> Hey,
>
> I've set up mod_auth_pgsql several times successfully, but for some reason I
> keep getting a "password mismatch" error on my latest install when I try to
> log in to my protected site.
>
> I'm running postgresql 7.2.2, apache 1.3.26 on FreeBSD 4.6.2.  The version of
> mod_auth_pgsql I built into apache is 0.9.12.
>
> This is what my schema and current data look like:
>
> CREATE TABLE users (
>         username CHAR(25) PRIMARY KEY,
>         password CHAR(25) NOT NULL
> );
>
> INSERT INTO users (username, password) VALUES ('ssmith', 'abc');
>
> Here is what the my .htaccess file looks like:
>
> AuthName "test"
> AuthType basic
>
> Auth_PG_host localhost
> Auth_PG_port 5432
> Auth_PG_database apache
> Auth_PG_user <????>
> Auth_PG_pwd <????>
> Auth_PG_pwd_table users
> Auth_PG_uid_field username
> Auth_PG_pwd_field password
> Auth_PG_encrypted off
>
> Auth_PG_log_table apache_log
> Auth_PG_log_uname_field username
> Auth_PG_log_date_field time
> Auth_PG_log_uri_field uri
> Auth_PG_log_addrs_field address
> Auth_PG_log_pwd_field password
>
> <LIMIT GET POST>
>         require valid-user
> </LIMIT>
>
> This is what shows up in apache's error log:
>
> [Fri Sep 13 11:39:57 2002] [error] access to /test failed for xxx.xxx.xxx.xxx,
> reason: PG user ssmith: password mismatch
>
> I've tried to debug the problem for quite a long time and can't think of
> anything I'm doing wrong.  Any help/advice anyone can provide would be much
> appreciated.
>
> Thanks,
>
> Joey

You are inserting the first password in clear text. I am not familiar
with mod_auth_pgsql but in mod_auth there is only comparison between
coded passwords. Insert a coded password into your table and try it than
again. Maybe that helps.

Michael