Authentication failed

For issues with installing and configuring the Archon software to begin running on your webserver.

Moderators: paulnsorensen, kylefox2, prom, rishel

Authentication failed

Postby sanyii » Fri Nov 11, 2011 9:19 am

I have successfully installed archon 3.21 on ubuntu LAMP. I want to apply archon for my company. After installation I was unable to login except for the user sa. For all other users I create, I get the same message "Authentication failed." I tried Firefox 7.0.1, google chrome 14.0.8... both on Ubuntu. I have even triied to access archon from LAN using firefox, chrome, and IE for the same result. I can even see the users and create new ones from sa. Is there a config or installation problem I cased? Please a little help will solve me a nightmare.
sanyii
 
Posts: 2
Joined: Fri Nov 11, 2011 9:06 am

Re: Authentication failed

Postby paulnsorensen » Wed Nov 30, 2011 4:30 am

Where are you creating the new users? What PHP and MySQL versions are you using?
paulnsorensen
Site Admin
 
Posts: 631
Joined: Mon Mar 31, 2008 8:55 am

Re: Authentication failed

Postby Dzov » Thu Mar 08, 2012 10:21 am

I had this same problem on an Ubuntu 11.10 system. On my system, Archon stores the password hash in a 34 character field, and then compares it to a 98 character long hash from crypt().

There are 3 solutions I've found:
1. Change the algorithm used by crypt() as described at http://php.net/manual/en/function.crypt.php
2. Edit the verifyPassword function in file user.inc.php to only compare the first 34 characters as below:
return ($this->PasswordHash && ($this->PasswordHash == substr(crypt($Password, $this->PasswordHash),0,34)));
3. Change the "PasswordHash" definition in the database table "tblCore_Users" to a field large enough to contain the entire hash.
Dzov
 
Posts: 1
Joined: Wed Mar 07, 2012 5:37 pm

Re: Authentication failed

Postby paulnsorensen » Mon Mar 12, 2012 3:02 am

Is your system not using the standard DES algorithm for crypt()?
paulnsorensen
Site Admin
 
Posts: 631
Joined: Mon Mar 31, 2008 8:55 am

Re: Authentication failed

Postby gjerdery » Tue Jun 12, 2012 10:46 am

We recently moved our site to an Ubuntu server, from CentOS I believe, and had the same issue with accounts created on both the public and admin side. I updated the "PasswordHash" field in the DB to be 98 chars long, which fixes the issue. Passwords stored from accounts created while still on CentOS still work. I believe we will need to reset passwords that were created on the new system prior to this fix.

It appears that our old system was using MD5 to encode the passwords, and the new one now is using SHA-512.
gjerdery
 
Posts: 21
Joined: Tue Apr 05, 2011 7:24 pm

Re: Authentication failed

Postby pearcemoses » Thu Aug 30, 2012 11:22 am

Reporting that this occured on Xubunutu 12.04.

Validating the first 34 char of the hash solved the problem I was having.

Thanks for this. Saved me hours, no doubt.

-- RPM
pearcemoses
 
Posts: 2
Joined: Sun Jan 16, 2011 8:12 am

Re: Authentication failed

Postby slknight » Thu Jan 10, 2013 6:27 pm

Reporting that this also occurred on Ubuntu 12.04.1 LTS. Increasing password hash to 98 characters fixed authentication failure.
slknight
 
Posts: 22
Joined: Wed Apr 20, 2011 3:13 pm

Re: Authentication failed

Postby prom » Mon Jan 14, 2013 10:20 pm

Just to verify here, are you all saying that you increased the field length in the DB to fix this problem? If so, we can look at issuing a fix for this problem officially, but I want to make sure I understand exactly what you did to fix the problem
Chris Prom
Assistant University Archivist
Archon co-Project Director
217 333 0798
prom
 
Posts: 144
Joined: Thu Sep 13, 2007 8:57 am
Location: U Illinois

Re: Authentication failed

Postby goedls » Thu Feb 21, 2013 3:22 pm

I am having the same problem.

I can only log in with the sa account.

Linux Debian
Apache 2.2.22
PHP 5.4.4-9
MySql 5.5.28

Increasing the field length of the tblCore_Users PasswordHash did not resolve the problem nor did editing the user.inc.php. After resetting the user password I can see in the PasswordHash files that it is in fact 98 characters.

I am not sure how to tell what encryption crypt() is using by default or how to change it.
goedls
 
Posts: 1
Joined: Thu Feb 21, 2013 1:48 pm

Re: Authentication failed

Postby prom » Fri Feb 22, 2013 11:08 am

It looks like there is some problem related to the php crypt function. YOu can tell which algorithm your system is using by looking at the previx on the encoded values, for example $1$ is md5:http://php.net/manual/en/function.crypt.php.

I do not know how to change the algorithm being used either and hope someone else can chime in here.
Chris Prom
Assistant University Archivist
Archon co-Project Director
217 333 0798
prom
 
Posts: 144
Joined: Thu Sep 13, 2007 8:57 am
Location: U Illinois


Return to Installation/Configuration Issues

Who is online

Users browsing this forum: No registered users and 1 guest

cron