阿帕奇MOD-AUTH-mysql用phpass加密的密码(字preSS) [英] Apache mod-auth-mysql with phpass encrypted password (Wordpress)
问题描述
我需要有一些网页密码保护的主要话语preSS站点之外。该用户将preFER使用他们已有的用户名和密码在Word中preSS。
I need to have password protection on some web pages outside of the main Wordpress site. The users would prefer to use the usernames and passwords they already have in the Wordpress.
明显的解决办法似乎是使用宇瞻模块的MYSQL认证:MOD-AUTH-mysql的
The obvious solution would seem to be to use the Apace module for Mysql based authentication: mod-auth-mysql.
然而,这似乎并不可能,因为Word preSS采用Phpass密码加密,这是不支持MOD-AUTH-mysql的。
This however does not seem to be possible, because Wordpress uses Phpass password encryption, which is not supported by mod-auth-mysql.
- http://modauthmysql.sourceforge.net/CONFIGURE
- http://www.openwall.com/phpass/
- <一个href="http://word$p$pss.stackexchange.com/questions/32004/how-to-validate-word$p$pss-generated-password-in-db-using-php">http://word$p$pss.stackexchange.com/questions/32004/how-to-validate-word$p$pss-generated-password-in-db-using-php
- http://modauthmysql.sourceforge.net/CONFIGURE
- http://www.openwall.com/phpass/
- http://wordpress.stackexchange.com/questions/32004/how-to-validate-wordpress-generated-password-in-db-using-php
有没有什么办法可以解决这个限制?
Is there any way to get around this limitation?
推荐答案
您可以使用MOD-AUTH-mysql的接受Phpass加密口令的补丁版本。我将包括如何做到这一点的Ubuntu和Debian的说明。
You can use a patched version of mod-auth-mysql to accept Phpass encrypted passwords. I'll include instructions on how to do this in ubuntu and debian.
这些指令已经在Ubuntu 10.4和12.04进行了测试,但应该工作在许多其他基于Debian的最小变化的平台。
These instructions have been tested in Ubuntu 10.4 and 12.04, but should work on many other Debian based platforms with minimal changes.
有关构建修补.deb软件包创建工作目录
Create a working directory for building the patched .deb package
mkdir mod-auth-mysql-phpass
cd mod-auth-mysql-phpass
获取需要建立包和包源的依赖。
Get dependencies needed for building the package and the package source.
sudo apt-get build-dep mod-auth-mysql fakeroot
apt-get source mod-auth-mysql
进入到新创建的源文件夹。
Go to the newly created source folder.
cd mod-auth-mysql-4.3.9
使用Debian的工具来创建一个适当的debian格式的补丁(.dpatch)。首先检查补丁的当前列表。
Use Debian tool to create a properly debian formatted patch (.dpatch). First check the current list of patches.
cat debian/patches/00list
最后官方补丁将是在列表的末尾。使用最后的补丁的名称 如下dpatch编辑-patch命令的最后一个参数。还搭载了一些大一新phpass修补程序的名称。 在我的情况下,在列表中的最后一个补丁是017-doc_persistent_conn.dpatch和phpass修补程序的名称,然后是018-phpass。
The last official patch will be at the end of the list. Use the name of the last patch as the last argument of dpatch-edit-patch command below. Also pick a number one greater for the name of the new phpass patch. In my case the last patch in the list was 017-doc_persistent_conn.dpatch and the name of phpass patch is then 018-phpass.
dpatch-edit-patch patch 018-phpass 017-doc_persistent_conn.dpatch
dpatch编辑补丁将启动一个特殊的文件夹内的一个新的外壳, 它将使用,构建定制的Debian格式的补丁。
dpatch-edit-patch will start a new shell inside a special folder that it will use to build the custom debian formatted patch.
下载原始补丁
wget http://pelam.fi/published_sources/mod-auth-mysql-phpass/patch.diff
应用原始补丁并将其删除。
Apply the raw patch and delete it.
patch < patch.diff
rm patch.diff
告诉大家,可以生成我们自定义补丁dpatch编辑补丁。
Tell dpatch-edit-patch that our custom patch can be generated.
exit
奇迹在你的新正确的Debian格式的补丁。您还应该 审查这个非官方补丁所做的更改,如果你对安全性:)
Wonder at your new properly Debian formatted patch. You should also review the changes made by this unofficial patch if you care about security :)
cat debian/patches/018-phpass.dpatch
添加新的补丁,以修补程序的列表要应用时.deb软件包构建。
Add the new patch to the list of patches to be applied when .deb package is built.
echo 018-phpass.dpatch >> debian/patches/00list
生成补丁包
dpkg-buildpackage -b -uc
现在你可以安装自己定制的.deb软件包(内置包的名称可能会因您的系统上有所不同)。
Now you can install your custom built .deb package (the built package name may vary depending on your system).
sudo dpkg --install ../libapache2-mod-auth-mysql_4.3.9-13ubuntu3_amd64.deb
配置MOD-AUTH-mysql的来验证字preSS使用Phpass
启用MOD-AUTH-mysql的:
Configuring Mod-auth-mysql to Authenticate Against Wordpress Using Phpass
Enable mod-auth-mysql:
sudo a2enmod auth_mysql
重新启动Apache就可以使新模块生效:
Restart apache for the new module to take effect:
sudo service apache2 restart
该文件(现在包括Phpass)可以用,例如查看。 less命令
The documentation (Now including Phpass) can be viewed with eg. less command
zless /usr/share/doc/libapache2-mod-auth-mysql/DIRECTIVES.gz
下面是一个简单的.htaccess文件,该文件只允许访问的Word preSS管理员:
Here is a sample .htaccess file that allows access only for Wordpress administrators:
AuthType Basic
AuthName "Give Wordpress Administrator username and password"
Auth_MySQL_User YOUR_MYSQL_USER_HERE
Auth_MySQL_Password YOUR_MYSQL_PASSWORD_HERE
Auth_MySQL_Host YOUR_MYSQL_SERVER_HERE
AuthBasicAuthoritative Off
# I don't know a better way to disable the default password file authentication
AuthUserFile /dev/null
Auth_MySQL on
Auth_MySQL_DB YOUR_WORDPRESS_MYSQL_SCHEMA_NAME_HERE
Auth_MySQL_Password_Table wp_users
Auth_MySQL_Username_Field wp_users.user_login
Auth_MySQL_Password_Field wp_users.user_pass
Auth_MySQL_Encryption_Types PHPass PHP_MD5
Auth_MySQL_Group_Table "wp_users, wp_usermeta"
Auth_MySQL_Group_Clause "AND wp_users.ID = wp_usermeta.user_id AND wp_usermeta.meta_key='wp-capabilities' and m.meta_value like '%s:13:\"administrator\"%'"
Auth_MySQL_Persistent On
Auth_MySQL_Authoritative Off
Auth_MySQL_CharacterSet utf8
Require valid-user
Order allow,deny
Allow from all
这篇关于阿帕奇MOD-AUTH-mysql用phpass加密的密码(字preSS)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
