httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Charles Sliger" <>
Subject Re: encrypting passwords
Date Thu, 18 Mar 1999 00:54:25 GMT
Yes, I am interested in both scenarios.
On the server, how would I programatically encrypt the
password?  htpasswd seems to require interaction.

From: Greg Stein <>
If you don't want passwords passed in the clear, then take a look at
"Digest authentication". It is handled by mod_digest on the server. You
may need to write your own client-side digest support (I think IE5
supports digest, tho).

I'm presuming you're talking about authenticating with the server,
rather than setting passwords on the server for future authentication.
If the latter, then you will want to use SSL to send the password to the

Charles Sliger wrote:
> Now that I've taken a look at the man page for htpasswd,
> I'm not sure I can use it in a script.  It's apparently
> hardwired for interactive use.
> -chaz
> I could use htpasswd in a perl script on the server to do this
> that is true.  I would prefer to have a way to perform the
> encryption on the client side and not pass the password accross
> the net cleartext.
> -chaz
> From: Chris Ewert <>
> the htpasswd tool could be used to do that.  Its a support program
> included in the distribution.  I assume that you are talking about a
> .htpasswd file.
> Charles Sliger wrote:
> > How do I encrypt a password such that the Apache server
> > will understand it?
> > I can't seem to find documentation discussing such things
> > as the seed used.
> > -chaz

View raw message