How to teach basic_db_auth to understand passwords whose hash starts with $apr1$?

A

Alexey Kopendakov2018-06-06 09:37:22

Perl

Alexey Kopendakov, 2018-06-06 09:37:22

Good afternoon.
Debian 8 system, squid3
I decided to move squid users to mysql database, and faced the following problem:
Passwords were generated by htpasswd , and now hash of some passwords starts with $apr1$
I transferred logins and hashes to mysql database. However, passwords whose hashes begin with $apr1$ are not checked by the basic_db_auth script (from the standard distribution). There are no problems with the rest.
Since the script is written in Perl, then for sure, there is an opportunity to "overcome" this problem. The whole question is how?
I just would like to make the transition as transparent as possible for users...

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alexey Kopendakov, 2018-06-06
@alex_kag

The fact that this is a special format combined with salt is what I found. The whole problem is that I can only more or less (rather less) understand perl, but I am not able to change it ....
Therefore, they are interested in ways to solve this problem.
In general, the problem is solved, almost head-on.
It was done:
1. installed module for perl Crypt::PasswdMD5;
The basic_db_auth file has been changed as follows:
added: added
after the line :return 1 if $md5 && md5_hex($password) eq $key;
Everything is working.

R

Rsa97, 2018-06-06
@Rsa97

"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm.