httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Mentovai <mark-l...@mentovai.com>
Subject Re: Security
Date Sun, 14 Jul 2002 22:29:59 GMT
jffusion@juno.com wrote:
> I'm using Windows 2000
> with apache 1.3.2.3

Is that 1.3.23?  You should consider an upgrade.

What hashing algorithm are you using?  Apache on Windows doesn't do 
crypt; the hash of a password with no explicit algorithm is defined to 
be the plaintext of the password itself.  (This is probably not what 
you want to do.)

> I wrote a script to write login info to a .htpasswd file
> a .htaccess is in the same dir with this setup

What's your script doing?  What happens if you create .htpasswd with 
the htpasswd utility?  On Windows, htpasswd uses MD5 by default or if 
crypt is requested.

> Everything works except that apache does not seem to recognize the
> .htpasswd file
> I receive a challenge from the server for username and password but
> when
> entered it will not recognize it.

Your options are to use MD5 or SHA-1 hashes in password file, or to use 
plaintext passwords (fine for testing but not recommended for 
production use).  htpasswd can hash to both MD5 and SHA-1.

If your hashes are correct and you're still having trouble, check your 
error log(s) for related messages.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message