httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] htpasswd question
Date Wed, 22 Oct 2003 16:06:17 GMT
----- Original Message ----- 
From: "Michael Scott" <mscott@pyewacket.org>
To: <users@httpd.apache.org>
Sent: Monday, October 20, 2003 11:41 AM
Subject: RE: [users@httpd] htpasswd question


> Quoting Boyle Owen <Owen.Boyle@swx.com>:
>
> > Be careful not to re-invent the wheel! If you're using Perl, the
> > "crypt"
> > function does this for you in one line:
> >
> > my $encrypted = crypt($plaintext, $salt);

You might also want to check out Apache::Htpasswd module, and maybe later
Apache::Htgroup.  A note about Apache::Htpasswd, it has some broken points,
especially on windows, as it doesn't handle MD5 passwords.  I've hacked the
source to fix this and submitted a patch to the author but I never got a
reply and the patch was never applied.  So I have a local copy.  Official
version 1.5.5, my version 1.5.6.  I can send off-list if interested.  The
Apache htpasswd on windows makes a string that differs slightly from the
plain crypt by default.  Also note that my hacked version creates a
dependency on Crypt::PasswdMD5 for the "apache_md5_crypt( $passwd, $salt )"
subroutine.

Example MD5 crypted password (windows default):

$apr1$Ty2.....$ZwqsUjB4vpx3m6R58kFW6.

Where the string is broken down like this:

$apr1$ : just a token that is always put in there.
Ty2..... : 8 char salt, 3 randoms from '.', '/', 0..9, 'A'..'Z', 'a'..'z',
and 5 dots.
$ : some kind of separator
ZwqsUjB4vpx3m6R58kFW6. : crypted password

Leif

> Thanks!!! You just saved me a LOT of time.
> I'm using perl as the CGI language, but I'm learning that as well.
> It's always fun when learning to code in a language (perl) that outputs to
> another language (html) that I'm also learning.  Throw in server
configuration
> and, Ow! my brain hurts!
>
> ----------------------
> - Mike Scott
> - mscott@pyewacket.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message