1

Running centOS 7.5, mysql 8, php 7.2, apache 2.4.6 Trying to get mysql authentication working for a php app I use that stores it's passwords as md5(md5('pass').salt)

I've confirmed the proper modules are loaded (can provide the list if needed)

I'm getting password mis-match [auth_basic:error] [pid 5195] [client 10.10.10.111:49234] AH01617: user ecourt: authentication failure for "/central": Password Mismatch

here's the code from my central.conf file in the /etc/httpd/conf.d directory

# mod_dbd configuration
# UPDATED to include authentication cacheing
DBDriver mysql
DBDParams "host=localhost dbname=bb user=userU pass=somepass"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory "/webroot/test/www/central">
  # mod_authn_core and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "central login" 

  # To cache credentials, put socache ahead of dbd here
  AuthBasicProvider socache dbd

  # Also required for caching: tell the cache to cache dbd lookups!
  AuthnCacheProvideFor dbd
  AuthnCacheContext my-server

  # mod_authz_core configuration
  Require valid-user
  # Require group 10 8 6

   # mod_authn_dbd SQL query to authenticate a user
   #AuthDBDUserPWQuery "SELECT password FROM user WHERE username = %s"
   AuthDBDUserPWQuery "SELECT MD5(MD5(password) + 'salt') AS password FROM     user WHERE username = %s"

</Directory>

any help is appreciated. Thanks

ecourt
  • 11
  • 2
  • Since I'm not making any headway, going to try creating a test DB, where I can control the password hashing, start simple, and see at what point it stops working. – ecourt Nov 01 '18 at 16:37

1 Answers1

1

'salt' is a string ('single quotes'), maybe you mean the column `salt` (`backticks`)?

see:

YellowAfterlife
  • 2,967
  • 1
  • 16
  • 24
DemIngenieurIstNichtsZuSchwör
  • 91
  • 3