httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: basic auth broken
Date Sun, 31 Jan 1999 20:12:11 GMT
Eric Cholet wrote:
> The recent patch to mod_auth in the CVS source tree broke basic auth on
> my server. My passwords, generated with htpasswd, all start with "$1" but
> the code thinks they are MD5 encrypted, whereas they really come
> from crypt(). Therefore authentication fails for valid passwords.
> >uname -rs
> FreeBSD 2.2.7-RELEASE

Unless you chose DES when you installed FreeBSD, its crypt() *is*
producing MD5 passwords.  And that it's prefacing them with '$1'
indicates that's the case.  So it looks as though the ap_MD5Encode()
routine and FreeBSD's implementation aren't interoperable, which
is definitely not good, and something to be investigated this
week.. :-(
#ken	P-)}

Ken Coar                    <http://Web.Golux.Com/coar/>
Apache Group member         <>
"Apache Server for Dummies" <http://Web.Golux.Com/coar/ASFD/>

View raw message