On Mon, Jul 11, 2011 at 12:02 PM, Tom Evans <tevans...@googlemail.com>wrote:
> On Sun, Jul 10, 2011 at 2:30 PM, Cal Leeming [Simplicity Media Ltd] > <cal.leem...@simplicitymedialtd.co.uk> wrote: > > The only connection this question has with Django, is the encryption > method > > that Django uses, and therefore is inappropriate for this forum. > > Please refer to http://code.djangoproject.com/wiki/UsingTheMailingList > > On a site note, it took me less than 10 seconds on Google (with a very > > simple search term - first result) to find the answer you needed, which > > shows either lack of intuition or total laziness on your part. > > Cal > > > > Wait what? The guy wanted to use Apache to prompt for basic auth, > using django.contrib.auth as a datastore for usernames and passwords - > why is it inappropriate to ask about extending Django's auth on a > django user mailing list? I'm also surprised that you found the answer > the OP needed in 10 seconds (and failed to link the OP to it), given > that there is no direct solution AFAICT. > http://www.google.co.uk/search?hl=en&safe=off&q=auth_mysql+salt And I quote: http://modauthmysql.sourceforge.net/CONFIGURE AuthMySQLSaltField <> | <string> | mysql_column_name Contains information on the salt field to be used for crypt and aes encryption methods. It can contain one of the following: <>: password itself is the salt field (use with crypt() only) <string>: "string" as the salt field mysql_column_name: the salt is take from the mysql_column_name field in the same row as the password I probably should have told OP how I found the information he needed, and what steps to take (although the steps I took are explained in the wiki). I'll ensure to do this next time. I would also agree that my comments about it being "inappropriate" for this mailing list were wrong, as although the connection between the question and Django was loose, it is still a connection nevertheless. My apologies to the OP on this. > > Far too many people are spending too much time on this mailing list > discussing how to respond to users and what is proper to discuss on > here, and finding the perfect stock answer to tell people to eff off, > rather than actually trying to help them. > > OP: This is actually tricky to do. Apache's mod_authn_dbd expects the > passwords to be in certain explicit formats[1], which do not > correspond to how Django's django.contrib.auth package stores the > passwords. As this blog post[2] explains, the issue is that apache > does not take into account the salt used to secure the password > hashes. You could try contacting the author of that post, as he has > written his own way around it. > OP said he was using mod auth_mysql, not mod_authn_dbd..? Unless I have misunderstood something?? > > Cheers > > Tom > > [1] http://httpd.apache.org/docs/trunk/misc/password_encryptions.html > [2] http://www.david-reid.com/cynic/2009/02/24/django-apache-auth/ > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
