Sunday, August 7, 2011

Automating addition of users to a DBM DB for HTTP auth

problem: the passwords you're generating don't work

  1. You're using one or more DBM DB's for storing HTTP authentication (authn_dbm_module).
  2. You want to automate adding users to a DBM DB.
  3. You want to use SHA1 passwords.
You're at a loss, as how to generate passwords that will work with automation.

impact: manual job to add users :(

Against the pragmatic principle of "Don't Repeat Yourself! (DRY).

solution: understand sha1 encryption for DBM and authn_dbm_module

One key bit of info buried in man htpasswd is the fact SHA1 passwords for DBM and authn_dbm_module are not salted. This does make life a little easier. However I missed this when looking for solutions and before looking at the source code of dbmmanage.

With something like the following in your script, you can automate adding users to a DBM DB:
dbmmanage -s $db add $user $password $groups
However, simply supplying a SHA1 password does not work. This is because DBM stores it SHA1 passwords as a base64 binary digest. More info about this over at CPAN.

So, in PHP for example, you could do something like the following to generate a valid password for your automation:
$enc_pass = base64_encode(pack("H*", sha1($password)));
Then you would use the $enc_pass for your automation :)

Further reading

No comments: