  1. #1
    Join Date
    Feb 2005
    Location
    Washington DC USA
    Posts
    179

    Have you succeeded in using mod_auth_mysql with AES crypt?

    If you've been fortunate enough to have made AES encryption work with mod_auth_mysql would you be so kind as to share two things:

    1) Your httpd.conf settings; and,
    2) How you encrypted the password.

    I can get it to work just fine with passwords stored in plain text, but prudence dictates a more secure storage such as offered by AES encryption.
    Unfortunately, when I use the "AuthMySQLPwEncryption aes" directive on an AES encrypted password stored in the database, instead of "AuthMySQLPwEncryption none" on a plain text password stored in the database, the mod_auth_mysql challenge upon browsing a protected directory will not accept the ID & password.

    Regards,

    Aza D. Oberman

  2. #2
    Join Date
    May 2001
    Location
    HK
    Posts
    3,076

    Did you build mod_auth_mysql with AES supported?

  3. #3
    Join Date
    Feb 2005
    Location
    Washington DC USA
    Posts
    179
    Well, it turns out that RPM or YUM installations of mod_auth_mysql 3.0.0 do *NOT* incorporate AES support (contrary to the "news" statements). Each installation errors with "mysql invalid encryption method aes" when a sign-in is attempted.

    MySQL AES_ENCRYPT and AES_ENCRYPT are working fine. This indicates that the MySQL AES support is in place and working.

    Manually compiling and installing mod_auth_mysql is possible, but it looks like one has to hack the "C" code to use APR_OFFSETOF instead of APR_XtOffsetOf. The compile and install from that point forward are uneventful.

    Unfortunately, the compile and install wasn't able to link properly with the MySQL lib. Even with an explicit library path, my_aes_encrypt() would not link in. my_aes_encrypt() is the underlying function used by MySQL's AES_CRYPT, which works just fine.


    Not that I am somehow the pinnacle of doing installations under CentOS, but I've reluctantly concluded that mod_auth_mysql simply can't handle a robust secure password encryption technique like AES. It's fine with plain text and perhaps with some unfortunately more vulnerable encryption techniques, but it can't run with the big dogs any more.

    Sad to see such a promising tool begin to fade.

    Thanks to all of you for your suggestions and generous help.

    Regards,

    Aza
