httpd-dev mailing list archives

From Cliff Skolnick <cl...@steam.com>
Subject Re: encrypting passwords
Date Thu, 18 Mar 1999 04:14:03 GMT

The htpasswd function simply uses getpass(), which will use /dev/tty if it
is available.  There are a couple getpass() replacements already in the
code, so you should only have to modify a few lines so that the string was
taken from stdin and the getpass() call in the OS was not used.

Cliff

On Wed, 17 Mar 1999, Charles Sliger wrote:

> I assumed that I would be doing some programming.  ;-)
> Although considering that every commercial site in the world
> needs this functionality, it's a little strange that it's not
> included in the Apache distribution.
> I guess I can hack htpasswd to work in a pipe...
> Thanks
> -chaz
> 
> 
> From: Greg Stein <gstein@lyra.org>
> Yup... it does seem to require interaction (e.g. uses /dev/tty rather
> than stdin). I imagine that you could use the source to htpasswd to
> create your own program. Depending on your OS, you could also generate
> the encrypted values yourself (e.g. using the crypt() function) and
> tweak the user file.
> 
> Either way, you're going to need to do some coding, which may require
> familiarity with functions like crypt() (whether accessed thru C, or
> something like Python or Perl).
> 
> Cheers,
> -g
> 
> Charles Sliger wrote:
> > 
> > Yes, I am interested in both scenarios.
> > On the server, how would I programmatically encrypt the
> > password?  htpasswd seems to require interaction.
> > -chaz
> > ____________________________________________________________
> > 
> > From: Greg Stein <gstein@lyra.org>
> > If you don't want passwords passed in the clear, then take a look at
> > "Digest authentication". It is handled by mod_digest on the server. You
> > may need to write your own client-side digest support (I think IE5
> > supports digest, tho).
> > 
> > I'm presuming you're talking about authenticating with the server,
> > rather than setting passwords on the server for future authentication.
> > If the latter, then you will want to use SSL to send the password to the
> > server.
> > ____________________________________________________________
> > 
> > Charles Sliger wrote:
> > > Now that I've taken a look at the man page for htpasswd,
> > > I'm not sure I can use it in a script.  It's apparently
> > > hardwired for interactive use.
> > > -chaz
> > >
> > > I could use htpasswd in a perl script on the server to do this
> > > that is true.  I would prefer to have a way to perform the
> > > encryption on the client side and not pass the password across
> > > the net cleartext.
> > > -chaz
> > ____________________________________________________________
> > >
> > > From: Chris Ewert <radio_1@geocities.com>
> > > the htpasswd tool could be used to do that.  It's a support program
> > > included in the distribution.  I assume that you are talking about a
> > > .htpasswd file.
> > ____________________________________________________________
> > >
> > > Charles Sliger wrote:
> > > > How do I encrypt a password such that the Apache server
> > > > will understand it?
> > > > I can't seem to find documentation discussing such things
> > > > as the seed used.
> > > > -chaz
> 
> --
> Greg Stein, http://www.lyra.org/
> 

--
Cliff Skolnick
Steam Tunnel Operations
cliff@steam.com
http://www.steam.com/
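
An added example, not part of this thread or of Apache's source: a non-interactive generator for one password-file line that takes the password from stdin instead of /dev/tty, as described in the message above. It swaps in Apache's `$apr1$` MD5 format, computed with hashlib, for the OS crypt() call the thread mentions, and assumes a server that accepts `$apr1$` entries; all function names are hypothetical.

```python
import hashlib, hmac, secrets, sys

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def apr1(password: bytes, salt: bytes) -> str:
    """Apache's $apr1$ variant of MD5-crypt: salted, 1000 rounds."""
    salt = salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$apr1$" + salt)
    ctx.update((alt * (len(password) // 16 + 1))[:len(password)])
    n = len(password)
    while n:  # one byte per bit of the password length
        ctx.update(b"\0" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # stretching rounds
        r = hashlib.md5(password if i & 1 else final)
        if i % 3:
            r.update(salt)
        if i % 7:
            r.update(password)
        r.update(final if i & 1 else password)
        final = r.digest()
    # crypt-style base64: permuted 24-bit groups, low 6 bits first
    words = [(final[a] << 16 | final[b] << 8 | final[c], 4)
             for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))]
    words.append((final[11], 2))
    out = ""
    for v, count in words:
        for _ in range(count):
            out += ITOA64[v & 0x3F]
            v >>= 6
    return f"$apr1${salt.decode()}${out}"

def htpasswd_line(user: str, password: bytes, salt: bytes = b"") -> str:
    """Build 'user:hash'; a random 8-character salt is drawn when none is given."""
    if not user or any(ch in user for ch in ":\r\n"):
        raise ValueError("user name must be non-empty, without ':' or newlines")
    salt = salt or "".join(secrets.choice(ITOA64) for _ in range(8)).encode()
    return f"{user}:{apr1(password, salt)}"

def verify(password: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[1] != "apr1":
        return False
    return hmac.compare_digest(apr1(password, parts[2].encode()).encode(), stored.encode())

if __name__ == "__main__":
    # The password is read from stdin (a pipe), not from /dev/tty or argv.
    print(htpasswd_line(sys.argv[1], sys.stdin.readline().rstrip("\r\n").encode()))
```

Reading from stdin keeps the password out of the process argument list; the script prints the line so the caller decides how to merge it into the user file.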


