http auth using django auth_user table
Ali Rıza KELEŞ
I want to use django auth_user table for authentication of another
application which uses "apache basic auth" with module auth_mysql. The
code below runs well with MD5 passwords without salt. But django works
sha1 and with salt.
What should I do?
Thanks..
AuthName "Hi.. Please login"
AuthType Basic
AuthBasicAuthoritative Off
Auth_MySQL On
Auth_MySQL_Authoritative on
Auth_MySQL_Host localhost
Auth_MySQL_User django-mysql-user
Auth_MySQL_Password some-password
Auth_MySQL_DB django-mysql-database
Auth_MySQL_Password_Table auth_user
Auth_MySQL_Empty_Passwords Off
Auth_MySQL_Encrypted_Passwords on
Auth_MySQL_Username_Field email
Auth_MySQL_Password_Field password
Auth_MySQL_Encryption_Types PHP_MD5
AuthUserFile /dev/null
Require valid-user
--
--
Ali Rıza Keleş
![Cal Leeming [Simplicity Media Ltd]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjWxmy9B2ZuM4H6f4BRSGX6Ym9xIa3xyDT0-2RyeSTW0CrcEcaXI=s40-c)
Cal Leeming [Simplicity Media Ltd]
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Ali Rıza KELEŞ
<cal.l...@simplicitymedialtd.co.uk>:
> The only connection this question has with Django, is the encryption method
> that Django uses, and therefore is inappropriate for this forum.
Yes, right. It had seemed me connected. Sorry for wasting your time..
> Please refer to http://code.djangoproject.com/wiki/UsingTheMailingList
Thanks..
> On a site note, it took me less than 10 seconds on Google (with a very
> simple search term - first result) to find the answer you needed, which
> shows either lack of intuition or total laziness on your part.
Thanks again.. I looked for an experience..
--
Ali
Tom Evans
<cal.l...@simplicitymedialtd.co.uk> wrote:
> The only connection this question has with Django, is the encryption method
> that Django uses, and therefore is inappropriate for this forum.
> Please refer to http://code.djangoproject.com/wiki/UsingTheMailingList
> On a site note, it took me less than 10 seconds on Google (with a very
> simple search term - first result) to find the answer you needed, which
> shows either lack of intuition or total laziness on your part.
> Cal
>
Wait what? The guy wanted to use Apache to prompt for basic auth,
using django.contrib.auth as a datastore for usernames and passwords -
why is it inappropriate to ask about extending Django's auth on a
django user mailing list? I'm also surprised that you found the answer
the OP needed in 10 seconds (and failed to link the OP to it), given
that there is no direct solution AFAICT.
Far too many people are spending too much time on this mailing list
discussing how to respond to users and what is proper to discuss on
here, and finding the perfect stock answer to tell people to eff off,
rather than actually trying to help them.
OP: This is actually tricky to do. Apache's mod_authn_dbd expects the
passwords to be in certain explicit formats[1], which do not
correspond to how Django's django.contrib.auth package stores the
passwords. As this blog post[2] explains, the issue is that apache
does not take into account the salt used to secure the password
hashes. You could try contacting the author of that post, as he has
written his own way around it.
Cheers
Tom
[1] http://httpd.apache.org/docs/trunk/misc/password_encryptions.html
[2] http://www.david-reid.com/cynic/2009/02/24/django-apache-auth/
Cal Leeming [Simplicity Media Ltd]
On Sun, Jul 10, 2011 at 2:30 PM, Cal Leeming [Simplicity Media Ltd]Wait what? The guy wanted to use Apache to prompt for basic auth,
<cal.l...@simplicitymedialtd.co.uk> wrote:
> The only connection this question has with Django, is the encryption method
> that Django uses, and therefore is inappropriate for this forum.
> Please refer to http://code.djangoproject.com/wiki/UsingTheMailingList
> On a site note, it took me less than 10 seconds on Google (with a very
> simple search term - first result) to find the answer you needed, which
> shows either lack of intuition or total laziness on your part.
> Cal
>
using django.contrib.auth as a datastore for usernames and passwords -
why is it inappropriate to ask about extending Django's auth on a
django user mailing list? I'm also surprised that you found the answer
the OP needed in 10 seconds (and failed to link the OP to it), given
that there is no direct solution AFAICT.
AuthMySQLSaltField <> | <string> | mysql_column_name
Contains information on the salt field to be used for crypt and aes
encryption methods. It can contain one of the following:
<>: password itself is the salt field (use with crypt() only)
<string>: "string" as the salt field
mysql_column_name: the salt is take from the mysql_column_name field in the
same row as the password
Far too many people are spending too much time on this mailing list
discussing how to respond to users and what is proper to discuss on
here, and finding the perfect stock answer to tell people to eff off,
rather than actually trying to help them.
OP: This is actually tricky to do. Apache's mod_authn_dbd expects the
passwords to be in certain explicit formats[1], which do not
correspond to how Django's django.contrib.auth package stores the
passwords. As this blog post[2] explains, the issue is that apache
does not take into account the salt used to secure the password
hashes. You could try contacting the author of that post, as he has
written his own way around it.
--