Or worse, do you use the same password for everything? There’s a better way to do it, which relieves every site and blog owner from having to store your password.
The way to do it is to set up an OpenID, that way the only person you have to blame is yourself, and perhaps your hosting provider. Another benefit of doing this touches on a big interest of mine: owning your identity online. You see, in the OpenID scheme, your blog URL is all you provide upon login. The rest of the information is exchanged by encrypted API handshake between the OpenID provider(your site) and the site you’re logging into(the OpenID consumer).
The setup is not for the faint of heart, but it’s not that bad, and I took good notes on how I did it.
To set up your site as an OpenID provider, you need the following things:
Step 1: Download the latest and greatest version of the PHP script. It’s 0.6 currently.
Log into your account, open a shell window, and issue the following commands (if you’re not running PHP as CGI, you can skip the .htaccess part and do everything from the root URL if you want; read below to see how to tell):

```sh
mkdir me
cd me
svn co https://www.siege.org/svn/oss/phpMyID/trunk/ .
```
Step 2: Visit MyID.config.php in your web browser. You should see something like this:
```
This is an OpenID server endpoint. For more information, see http://openid.net/
Server: http://williamgunn.org/me/OpenID.config.php
Realm: phpMyID
Login
```
Step 3: Edit MyID.config.php to include your info:
- pick a username
- generate and include your password hash:
  ```sh
  echo -n 'username:realm:password' | openssl md5
  ```
- optionally enter personal information to be supplied to sites.
Step 4: Go back to your web browser and hit the login link on the page you loaded before. Now you’ll be redirected, and a window will pop up asking for your username and password. Enter them and press Enter. If you get a message saying you’re logged in, you’re not running PHP as a CGI, and you can skip the rest of this paragraph. If you are running PHP as a CGI, you need a .htaccess file to convert the authentication headers into environment variables the script can use. This is because “The HTTP Authentication hooks in PHP are only available when it is running as an Apache module and is hence not available in the CGI version.” The fix is easy: if you didn’t make a subdirectory above, make one, and create a file called .htaccess containing the following code (you may already have an example file in your root directory):
```apache
# Option 1, mod_rewrite (req)
RewriteEngine on
RewriteCond %{HTTP:Authorization} !^$
RewriteCond %{QUERY_STRING} openid.mode=authorize
RewriteCond %{QUERY_STRING} !auth=
RewriteCond %{REQUEST_METHOD} =GET
RewriteRule (.*) %{REQUEST_URI}?%{QUERY_STRING}&auth=%{HTTP:Authorization} [L]
```
Now, you should be able to hit the login link and get logged in.
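To make concrete what the Step 3 hash and the rewrite rule above are for, here is an added Python example; it is not part of phpMyID or of this post. It assumes that the stored hash is the HA1 value of HTTP Digest authentication, i.e. MD5(username:realm:password), which is exactly what the openssl command computes, and that the auth= query parameter carries the browser’s Authorization header URL-encoded, which is what the rewrite rule produces. The username, password, nonce and header below are constructed samples, and the verifier shows why the realm in the hash must match the realm the server announces: the server never sees the password, only HA1.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample credentials (not real). The stored hash is exactly what
#   echo -n 'username:realm:password' | openssl md5
# prints for these three values.
USERNAME = "alice"
REALM = "phpMyID"
PASSWORD = "correct horse battery staple"
# Constructed nonce, standing in for one the server issued in WWW-Authenticate.
ISSUED_NONCE = "5f2a9c1e4b7d3a6f"


def ha1(username, realm, password):
    """MD5('username:realm:password'): the value you paste into MyID.config.php."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()


def digest_response(stored_ha1, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth, computed from HA1 alone."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(
        f"{stored_ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()
    ).hexdigest()


def build_client_header(username, realm, password, method, uri, nonce, cnonce):
    """What a browser sends once the user has typed a password into the pop-up."""
    resp = digest_response(ha1(username, realm, password), method, uri, nonce, "00000001", cnonce)
    return (
        f'Digest username="{username}", realm="{realm}", nonce="{nonce}", '
        f'uri="{uri}", qop=auth, nc=00000001, cnonce="{cnonce}", response="{resp}"'
    )


def parse_digest_header(value):
    """Parse 'Digest k="v", k2=v2, ...' into a dict (quoted and bare values)."""
    if not value.startswith("Digest "):
        raise ValueError("not a Digest Authorization header")
    fields = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', value[len("Digest "):]):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def verify(auth_header, method, stored_ha1, expected_realm, issued_nonce):
    """Server-side check: needs only the stored HA1, never the plaintext password."""
    f = parse_digest_header(auth_header)
    if any(k not in f for k in ("realm", "nonce", "uri", "nc", "cnonce", "response")):
        return False
    # A different realm or a nonce we did not issue means the response is not for us.
    if f["realm"] != expected_realm or f["nonce"] != issued_nonce or f.get("qop") != "auth":
        return False
    expected = digest_response(stored_ha1, method, f["uri"], f["nonce"], f["nc"], f["cnonce"])
    return hmac.compare_digest(expected, f["response"])


def simulate_rewrite(request_uri, query, auth_header):
    """Mimic the .htaccess rule: append auth=<Authorization header> to the query string."""
    return f"{request_uri}?{query}&auth={quote(auth_header, safe='')}"


def auth_from_query(url):
    """Recover the header the script reads from auth= when PHP runs as CGI."""
    return parse_qs(urlsplit(url).query).get("auth", [""])[0]


if __name__ == "__main__":
    stored = ha1(USERNAME, REALM, PASSWORD)
    hdr = build_client_header(USERNAME, REALM, PASSWORD, "GET",
                              "/me/MyID.config.php?openid.mode=authorize", ISSUED_NONCE, "c0ffee")
    url = simulate_rewrite("/me/MyID.config.php", "openid.mode=authorize", hdr)
    print("login accepted:", verify(auth_from_query(url), "GET", stored, REALM, ISSUED_NONCE))
```

The nonce check is the part worth keeping in mind when you run this on a shared host: the auth= value ends up in the query string, so it will appear in access logs, but because Digest binds the response to a server-issued nonce, the method and the URI, a logged value cannot simply be replayed once the nonce has expired.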
I get redirected to the following URL: http://williamgunn.org/me/scriptname.config.php?openid.mode=id_res&openid.identity=http%3A%2F%2Fwilliamgunn.org%2Fme%2Fscriptname.config.php&openid.assoc_handle=[redacted]&openid.return_to=http%3A%2F%2Fwilliamgunn.org%2Fme%2Fscriptname.config.php&openid.signed=mode%2Cidentity%2Cassoc_handle%2Creturn_to&openid.sig=[more redacted stuff]
Now set allow_gmp and allow_test to true in the config file, which enables encryption (aka Smart Mode) and testing, and load http://yoursite.com/you/MyID.config.php?openid.mode=test
If you’re on Dreamhost, whose PHP binaries don’t have GMP support, you will get a page looking somewhat like this:
| Check | Result |
|---|---|
| bcmath | warn - not loaded |
| gmp | warn - not loaded |
| logfile | warn - log is not writable |
| session | pass |
| secret | pass |
| expire | pass |
| base64 | pass |
| hmac | pass |
| bigmath | fail - big math functions are not available. |
| sha1_20 | pass |
| x_or | pass |
If you get that, you’re ready to delegate your OpenID identity. Go to the root of your domain (or wherever you wish) and enter the following code in a file named index.html:
```html
<link href="http://williamgunn.org/me/OpenID.config.php" rel="openid.server" />
<link href="http://williamgunn.org/me/OpenID.config.php" rel="openid.delegate" />
```
If you’ve already got an index.html, just put the two lines in the head section.
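As an added example of the consumer side of these two tags (Python, not from this post or from phpMyID), here is how a site that accepts OpenID discovers your server from the page at your claimed URL. The sample HTML is constructed from the two link lines above; the rules the discoverer applies (delegate falls back to the claimed URL when the tag is absent, both links must be absolute http(s) URLs, the first matching link in the head wins) are this example’s own choices.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of the index.html described above.
SAMPLE_HTML = """<html><head>
<title>me</title>
<link href="http://williamgunn.org/me/OpenID.config.php" rel="openid.server" />
<link href="http://williamgunn.org/me/OpenID.config.php" rel="openid.delegate" />
</head><body>hi</body></html>"""

OPENID_RELS = ("openid.server", "openid.delegate")


class OpenIDLinkParser(HTMLParser):
    """Collect the href of <link rel="openid.server"> and <link rel="openid.delegate">
    that appear inside <head>; html.parser lowercases tag and attribute names for us."""

    def __init__(self):
        super().__init__()
        self.links = {}
        self.in_head = False

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
            return
        if tag != "link" or not self.in_head:
            return
        a = dict(attrs)
        href = a.get("href")
        # rel may hold several space-separated tokens; match case-insensitively.
        for rel in (a.get("rel") or "").lower().split():
            if rel in OPENID_RELS and href:
                self.links.setdefault(rel, href)  # first occurrence wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(html, claimed_url):
    """Return the server endpoint and the identity to send it, or raise ValueError."""
    p = OpenIDLinkParser()
    p.feed(html)
    p.close()
    server = p.links.get("openid.server")
    if server is None:
        raise ValueError("no openid.server link found in <head>")
    # Without a delegate tag the claimed URL itself is the identity.
    delegate = p.links.get("openid.delegate", claimed_url)
    for url in (server, delegate):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise ValueError(f"OpenID link must be an absolute http(s) URL: {url!r}")
    return {"server": server, "delegate": delegate}


if __name__ == "__main__":
    print(discover(SAMPLE_HTML, "http://williamgunn.org/"))
```

Restricting discovery to the head is why the post says to put the two lines there: a consumer that honoured openid.server tags anywhere in the document would let anyone who can inject markup into the body (a comment, say) redirect logins for that page to a server of their choosing.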
Now go log in to a site that accepts OpenID, or just leave a comment here. For details on how to set up your site to accept OpenID, see here.