Hi,
I am running nginx/0.8.50, and i am using “auth_basic” for basic
authentication. Now what i have found so far is that it looks like
nginx is treating the passwords as plain text. My basic idea is that
Nginx does not encrypt the password that it gets with MD5 or any other
algorithm, and simply checks password that is sent as plain text.
is this true or am i missing something?
Here is part of my configuration:
location / {
limit_except POST { # do this for all requests but GETS
auth_basic “Restricted”;
auth_basic_user_file passwd;
proxy_pass http://localhost:8250;
}
Configuration is valid:
C:\ProgramFiles\nginx>nginx.exe -t
the configuration file C:\ProgramFiles\nginx/conf/nginx.conf syntax is
ok
configuration file C:\ProgramFiles\nginx/conf/nginx.conf test is
successful
Contents of passswd file:
aaa:hxd1LrV11sUPs
bbb:/vtymnRvQGh52
qqq:aaa
ccc:ccc
What i have found is that if i try user aaa, or bbb, for which
passwords are generated with Apache htpasswd utility i get log error
2010/09/09 19:46:46 [error] 5596#560: *3 user “aaa”: password
mismatch, client: 9.183.126.52, server: myserver, request: “GET
/shortlog/d6b56cc4c6d1 HTTP/1.1”, host: “myhost”
2010/09/09 19:47:16 [error] 5596#560: *3 user “bbb”: password
mismatch, client: 9.183.126.52, server: myserver, request: “GET
/shortlog/d6b56cc4c6d1 HTTP/1.1”, host: “myhost”
If i try connecting with user ccc and password ccc, user is allowed.
I’ve found on google some mails in mailing lists that tell that this
might not yet be implemented (can’t find that URL now).
And, by the way, OS is WinXP.
–
LinkÄ—jimai, Best Regards
Darius Damalakas