Apache MD5 is different to MySQL MD5 - help!

Help
2008-12-01
2013-04-23
  • Imran Chaudhry
    Imran Chaudhry
    2008-12-01

    Hi All,

    I have discovered that mod_auth_mysql will not use the Apache specific MD5 algorithm!

    Is there a solution to this? I have a password file of approx 1000 users where the format is like this:

    user@example.com:$apr1$s4B8v/..$PM2pFQZ5x.OqE3WKr1ahV0

    I have migrated the user and password data to my database but mod_auth_mysql appears to use the MySQL MD5 function to authenticate the user!

    > select * from user where name = 'user@example.com' \G
    *************************** 1. row ***************************
        name: user@example.com
    password: $apr1$s4B8v/..$PM2pFQZ5x.OqE3WKr1ahV0

    eg. if the password above was "foobar", then the md5 would be "

    > select md5('foobar') \G
    *************************** 1. row ***************************
    md5('foobar'): 3858f62230ac3c915f300c664312c63f

    If I use that in my user table instead of the Apache derived password it will work!

    My problem obviously is how to migrate my 1000 users seamlessly.

    Any ideas? This seems a pretty fundamental issue.

    Cheers,
    Imran Chaudhry

     
    • Imran Chaudhry
      Imran Chaudhry
      2009-07-06

      Since making this post we are now using Debian 5.0 "Lenny" which happily includes the packaged "libapache2-mod-auth-mysql" with support for the Apache MD5 crypt function. We are using it in production and it works brilliantly.