httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <aa...@clove.org>
Subject Re: cvs commit: httpd-2.0/support htpasswd.c
Date Tue, 10 Sep 2002 18:31:20 GMT
On Tue, Sep 10, 2002 at 11:19:34AM -0700, Justin Erenkrantz wrote:
> In case you've forgotten, there is no more mod_auth.  So, this is an
> opportunity to rethink how we store passwords.
> 
> I would think a much easier way would be to stop being fuzzy about
> the storage of the passwords and allow specification of what format
> the passwords are in.
> 
> I would much prefer seeing {crypt}, {md5}, {sha1} in the format
> that most LDAP implementations use.  That's definitely cleaner than
> relying on some weird magic symbol that breaks MD5 compatibility.
> 
> And, in order to be backwards compatible, we can leave the $apr1$
> fooness there, but...  Just a thought.  -- justin

Although I like the idea of rethinking these sorts of things, I don't
think we would do well to break current .htpasswd files or homebrew
scripts that do the work of htpasswd.

-aaron

Mime
View raw message