Received: by 10.236.184.106 with SMTP id r70mr2344483yhm.12.1310383635518;
Mon, 11 Jul 2011 04:27:15 -0700 (PDT)
X-BeenThere: django-users@googlegroups.com
Received: by 10.150.44.4 with SMTP id r4ls54134ybr.7.gmail; Mon, 11 Jul 2011
04:26:46 -0700 (PDT)
Received: by 10.236.190.225 with SMTP id e61mr1448422yhn.10.1310383606653;
Mon, 11 Jul 2011 04:26:46 -0700 (PDT)
Received: by 10.236.190.225 with SMTP id e61mr1448421yhn.10.1310383606638;
Mon, 11 Jul 2011 04:26:46 -0700 (PDT)
Return-Path: <f...@foxwhisper.co.uk>
Received: from mail-gw0-f46.google.com (mail-gw0-f46.google.com [74.125.83.46])
by gmr-mx.google.com with ESMTPS id a12si2459780yhf.4.2011.07.11.04.26.46
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 11 Jul 2011 04:26:46 -0700 (PDT)
Received-SPF: neutral (google.com: 74.125.83.46 is neither permitted nor denied by best guess record for domain of f...@foxwhisper.co.uk) client-ip=74.125.83.46;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 74.125.83.46 is neither permitted nor denied by best guess record for domain of f...@foxwhisper.co.uk) smtp.mail=f...@foxwhisper.co.uk
Received: by mail-gw0-f46.google.com with SMTP id a18so1874846gwa.33
for <django-users@googlegroups.com>; Mon, 11 Jul 2011 04:26:46 -0700 (PDT)
Received: by 10.236.161.38 with SMTP id v26mr4940543yhk.392.1310383606405;
Mon, 11 Jul 2011 04:26:46 -0700 (PDT)
Return-Path: <f...@foxwhisper.co.uk>
Received: from mail-gw0-f46.google.com (mail-gw0-f46.google.com [74.125.83.46])
by mx.google.com with ESMTPS id j65sm6525470yhm.82.2011.07.11.04.26.45
(version=SSLv3 cipher=OTHER);
Mon, 11 Jul 2011 04:26:46 -0700 (PDT)
Received: by gwaa18 with SMTP id a18so183936gwa.5
for <django-users@googlegroups.com>; Mon, 11 Jul 2011 04:26:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.150.236.9 with SMTP id j9mr1195597ybh.156.1310383605690; Mon,
11 Jul 2011 04:26:45 -0700 (PDT)
Received: by 10.151.156.4 with HTTP; Mon, 11 Jul 2011 04:26:45 -0700 (PDT)
X-Originating-IP: [81.152.150.229]
In-Reply-To: <CAFHbX1+6L12vXTvsBM5NqV0OOtiDZYH890zenx6wxJr2fB4...@mail.gmail.com>
References: <CALOKRKrpL9KAbeoWMOM_9DEm=iO2g_Bp7ksmYToFNp7DNDT...@mail.gmail.com>
<CALvtuFR5vujybuMtAquROsVXAwMvZ-aKABig3LAutWv6XDY...@mail.gmail.com>
<CAFHbX1+6L12vXTvsBM5NqV0OOtiDZYH890zenx6wxJr2fB4...@mail.gmail.com>
Date: Mon, 11 Jul 2011 12:26:45 +0100
Message-ID: <CALvtuFTo+rssuEaBHm0rvCgWMFmRHW1Aqe5EOhVii3q90gV...@mail.gmail.com>
Subject: Re: http auth using django auth_user table
From: "Cal Leeming [Simplicity Media Ltd]" <cal.leem...@simplicitymedialtd.co.uk>
To: django-users@googlegroups.com
Content-Type: multipart/alternative; boundary=000e0cd34c4e56335804a7c975db
--000e0cd34c4e56335804a7c975db
Content-Type: text/plain; charset=ISO-8859-1
On Mon, Jul 11, 2011 at 12:02 PM, Tom Evans <tevans...@googlemail.com>wrote:
> On Sun, Jul 10, 2011 at 2:30 PM, Cal Leeming [Simplicity Media Ltd]
> <cal.leem...@simplicitymedialtd.co.uk> wrote:
> > The only connection this question has with Django, is the encryption
> method
> > that Django uses, and therefore is inappropriate for this forum.
> > Please refer to http://code.djangoproject.com/wiki/UsingTheMailingList
> > On a site note, it took me less than 10 seconds on Google (with a very
> > simple search term - first result) to find the answer you needed, which
> > shows either lack of intuition or total laziness on your part.
> > Cal
> >
>
> Wait what? The guy wanted to use Apache to prompt for basic auth,
> using django.contrib.auth as a datastore for usernames and passwords -
> why is it inappropriate to ask about extending Django's auth on a
> django user mailing list? I'm also surprised that you found the answer
> the OP needed in 10 seconds (and failed to link the OP to it), given
> that there is no direct solution AFAICT.
>
http://www.google.co.uk/search?hl=en&safe=off&q=auth_mysql+salt
And I quote:
http://modauthmysql.sourceforge.net/CONFIGURE
AuthMySQLSaltField <> | <string> | mysql_column_name
Contains information on the salt field to be used for crypt and aes
encryption methods. It can contain one of the following:
<>: password itself is the salt field (use with crypt() only)
<string>: "string" as the salt field
mysql_column_name: the salt is take from the mysql_column_name field in the
same row as the password
I probably should have told OP how I found the information he needed, and
what steps to take (although the steps I took are explained in the wiki).
I'll ensure to do this next time.
I would also agree that my comments about it being "inappropriate" for this
mailing list were wrong, as although the connection between the question and
Django was loose, it is still a connection nevertheless. My apologies to the
OP on this.
>
> Far too many people are spending too much time on this mailing list
> discussing how to respond to users and what is proper to discuss on
> here, and finding the perfect stock answer to tell people to eff off,
> rather than actually trying to help them.
>
> OP: This is actually tricky to do. Apache's mod_authn_dbd expects the
> passwords to be in certain explicit formats[1], which do not
> correspond to how Django's django.contrib.auth package stores the
> passwords. As this blog post[2] explains, the issue is that apache
> does not take into account the salt used to secure the password
> hashes. You could try contacting the author of that post, as he has
> written his own way around it.
>
OP said he was using mod auth_mysql, not mod_authn_dbd..? Unless I have
misunderstood something??
>
> Cheers
>
> Tom
>
> [1] http://httpd.apache.org/docs/trunk/misc/password_encryptions.html
> [2] http://www.david-reid.com/cynic/2009/02/24/django-apache-auth/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
--000e0cd34c4e56335804a7c975db
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<br><br><div class=3D"gmail_quote">On Mon, Jul 11, 2011 at 12:02 PM, Tom Ev=
ans <span dir=3D"ltr"><<a href=3D"http://tevans.uk">tevans.uk</a>@<a hre=
f=3D"http://googlemail.com">googlemail.com</a>></span> wrote:<br><blockq=
uote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc =
solid;padding-left:1ex;">
<div class=3D"im">On Sun, Jul 10, 2011 at 2:30 PM, Cal Leeming [Simplicity =
Media Ltd]<br>
<<a href=3D"mailto:cal.leem...@simplicitymedialtd.co.uk">cal.leeming@sim=
plicitymedialtd.co.uk</a>> wrote:<br>
> The only connection this question has with Django, is the encryption m=
ethod<br>
> that Django uses, and therefore is inappropriate for this forum.<br>
> Please refer to=A0<a href=3D"http://code.djangoproject.com/wiki/UsingT=
heMailingList" target=3D"_blank">http://code.djangoproject.com/wiki/UsingTh=
eMailingList</a><br>
> On a site note, it took me less than 10 seconds on Google (with a very=
<br>
> simple search term - first result) to find the answer you needed, whic=
h<br>
> shows either lack of intuition or total=A0laziness=A0on your part.<br>
> Cal<br>
><br>
<br>
</div>Wait what? The guy wanted to use Apache to prompt for basic auth,<br>
using django.contrib.auth as a datastore for usernames and passwords -<br>
why is it inappropriate to ask about extending Django's auth on a<br>
django user mailing list? I'm also surprised that you found the answer<=
br>
the OP needed in 10 seconds (and failed to link the OP to it), given<br>
that there is no direct solution AFAICT.<br></blockquote><div><br></div><di=
v><a href=3D"http://www.google.co.uk/search?hl=3Den&safe=3Doff&q=3D=
auth_mysql+salt">http://www.google.co.uk/search?hl=3Den&safe=3Doff&=
q=3Dauth_mysql+salt</a></div>
<div><br></div><div>And I quote:</div><div><br></div><div><a href=3D"http:/=
/modauthmysql.sourceforge.net/CONFIGURE">http://modauthmysql.sourceforge.ne=
t/CONFIGURE</a></div><div><span class=3D"Apple-style-span" style=3D"font-fa=
mily: 'Times New Roman'; font-size: medium; "><pre style=3D"word-wr=
ap: break-word; white-space: pre-wrap; ">
AuthMySQLSaltField <> | <string> | mysql_column_name
</pre><div><pre style=3D"word-wrap: break-word; white-space: pre-wrap; "> =
Contains information on the salt field to be used for crypt and aes
encryption methods. It can contain one of the following:
<>: password itself is the salt field (use with crypt() only)
<string>: "string" as the salt field
mysql_column_name: the salt is take from the mysql_column_name field in=
the
same row as the password
</pre></div></span><div>I probably should have told OP how I found the info=
rmation he needed, and what steps to take (although the steps I took are ex=
plained in the wiki). I'll ensure to do this next time.=A0</div><div>
<br></div><div>I would also agree that my comments about it being "ina=
ppropriate" for this mailing list were wrong, as although the connecti=
on between the question and Django was loose, it is still a connection neve=
rtheless. My apologies to the OP on this.</div>
</div><div>=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0=
.8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
Far too many people are spending too much time on this mailing list<br>
discussing how to respond to users and what is proper to discuss on<br>
here, and finding the perfect stock answer to tell people to eff off,<br>
rather than actually trying to help them.<br>
<br>
OP: This is actually tricky to do. Apache's mod_authn_dbd expects the<b=
r>
passwords to be in certain explicit formats[1], which do not<br>
correspond to how Django's django.contrib.auth package stores the<br>
passwords. As this blog post[2] explains, the issue is that apache<br>
does not take into account the salt used to secure the password<br>
hashes. You could try contacting the author of that post, as he has<br>
written his own way around it.<br></blockquote><div><br></div><div>OP said =
he was using mod auth_mysql, not=A0mod_authn_dbd..? Unless I have misunders=
tood something??</div><div>=A0</div><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br>
Cheers<br>
<br>
Tom<br>
<br>
[1] <a href=3D"http://httpd.apache.org/docs/trunk/misc/password_encryptions=
.html" target=3D"_blank">http://httpd.apache.org/docs/trunk/misc/password_e=
ncryptions.html</a><br>
[2] <a href=3D"http://www.david-reid.com/cynic/2009/02/24/django-apache-aut=
h/" target=3D"_blank">http://www.david-reid.com/cynic/2009/02/24/django-apa=
che-auth/</a><br>
<font color=3D"#888888"><br>
--<br>
</font><div><div></div><div class=3D"h5">You received this message because =
you are subscribed to the Google Groups "Django users" group.<br>
To post to this group, send email to <a href=3D"mailto:django-users@googleg=
roups.com">django-users@googlegroups.com</a>.<br>
To unsubscribe from this group, send email to <a href=3D"mailto:django-user=
s%2Bunsubscribe@googlegroups.com">django-users+unsubscribe@googlegroups.com=
</a>.<br>
For more options, visit this group at <a href=3D"http://groups.google.com/g=
roup/django-users?hl=3Den" target=3D"_blank">http://groups.google.com/group=
/django-users?hl=3Den</a>.<br>
<br>
</div></div></blockquote></div><br>
--000e0cd34c4e56335804a7c975db--
Message from discussion http auth using django auth_user table
| Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy |
| ©2013 Google |