Home / server / Questions / 214033
In Process
jjczopek
Asked: 2010-12-19 12:46:14 +0800 CST

Subversion and BugZilla sharing accounts problem

  • 772

I installed bugzilla and subversion on my server. I'd like them to share accounts. So I googled and found this post here. I installed mod_auth_mysql, applying patch for apache 2.2.3 but it doesn't work. When look into error logs of my apache, I find that password mismatch :/ Let's assume I have an user like this in bugzilla:

[email protected], password: test1234

When I try to enter my SVN repo, the login forms pops up, but I cant login. In server error log I find:

[Sat Dec 18 15:25:10 2010] [error] [client 83.4.164.217] user [email protected]: password mismatch: /svn

I also debug the mysql queries which are sent to server, and I found this:

101218 15:25:10      85 Connect     bugs@localhost on
                     85 Init DB     bugs
                     85 Query       SELECT cryptpassword, length(cryptpassword) FROM profiles WHERE login_name='[email protected]' AND disabledtext = ''

When I run the same query by hand I got following result:

mysql> SELECT cryptpassword, length(cryptpassword) FROM profiles WHERE login_name='[email protected]' AND disabledtext = '';
+--------------------------------------------------------------+-----------------------+
| cryptpassword                                                | length(cryptpassword) |
+--------------------------------------------------------------+-----------------------+
| Jnm2qVBMbifU7PEZyl+exbYEAsO8SZh1x2ratGhqfikMg1bxYFg{SHA-256} |                    60 |
+--------------------------------------------------------------+-----------------------+
1 row in set (0.00 sec)

And my in my apache conf:

<Location /svn >
        DAV svn
        SVNPath /etc/subversion

        AuthzSVNAccessFile /home/yuri/.svncontrol

        AuthType Basic
        AuthMySQLSaltField <>
        AuthName "Mwuahahaha this is protected!"
        AuthMySQLPwEncryption crypt
        AuthMySQLUser bugs
        AuthMySQLPassword <some_pass>
        AuthMySQLDB bugs
        AuthMySQLUserTable profiles
        AuthMySQLNameField login_name
        AuthMySQLPasswordField cryptpassword
        AuthMySQLUserCondition "disabledtext = ''"
        Require valid-user

</Location>

The same config but without AuthMySQLPwEncryption crypt and AuthMySQLSaltField <> lines gives the same problem

mysql apache-2.2 svn bugzilla mod-auth-mysql

1 Answers

  1. mod_auth_mysql's crypt algorithm uses a different format of hash to Bugzilla's e.g. a crypt SHA-256 password would look like this:

    $5$rounds=5000$usesomesillystri$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6

    Asside from that, it is unlikely that your linux distribution supplies the crypt command with the sha-256 algorithm. mod_auth_mysql uses the c library's crypt function to perform this.

    Your best bet may be to switch Bugzilla to a less secure encryption algorithm (md5), and set mod_auth_mysql to use that instead:

    AuthMySQLPwEncryption md5
    • 1