Hello,

I'm trying to use "auth_http" to handle the authentication for SMTP.
The auth script itself is a PHP script. At the beginning of the script I'm doing the following (just for testing!!! The passwords will not be logged later):

if( !isset($_SERVER["HTTP_AUTH_USER"]) || !isset($_SERVER["HTTP_AUTH_PASS"]) )
{
// User or Password are NOT set.
fail("Invalid user or password");
}

$username = $_SERVER["HTTP_AUTH_USER"];
$userpass = $_SERVER["HTTP_AUTH_PASS"];
$protocol = $_SERVER["HTTP_AUTH_PROTOCOL"];

$fd=fopen('php_mail.log', 'a');
fputs($fd, "User: [".$username."] Protocol: [".$protocol."] Pass: [".$userpass."]\n");
fclose($fd);


However, the passwords I see in the log are different all the time for the same user.
Often they consist of 32 hexadecimal digits (but never the same combination) or sometimes they are simply the username with brackets around.

For my understanding the received password should be the same all the time, because otherwise I cannot check the user credentials.

Is there a problem with my understanding or do I miss something?

Thanks,

Thomas
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx