httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leif W" <warp-...@usa.net>
Subject Re: [users@httpd] htpasswd question
Date Wed, 22 Oct 2003 20:59:15 GMT
----- Original Message ----- 
From: "Michael Scott" <mscott@pyewacket.org>
To: <users@httpd.apache.org>
Sent: Wednesday, October 22, 2003 4:27 PM
Subject: Re: [users@httpd] htpasswd question


> Quoting Leif W <warp-9.9@usa.net>:
>
> > You might also want to check out Apache::Htpasswd module, and maybe
> > later
> > Apache::Htgroup.  A note about Apache::Htpasswd, it has some broken
> > points,
> > especially on windows, as it doesn't handle MD5 passwords.  I've hacked
>
> IMO Windows itself is essentially "broken" :-)

While I'd have to agree with you there, the "broken" bit I was referring to
was the Perl module, Apache::Htpasswd.  It only handles crypt passwords, and
my hack was to make it more robust, to handle the MD5 format password
generated by htpasswd.

<defiant> [2003-10-22@16:31:21] /var/www -> htpasswd -bn test test # crypt
test:kKzOVWlW//YQk

<defiant> [2003-10-22@16:31:31] /var/www -> htpasswd -bnm test test # MD5
test:$apr1$hIaZg...$gzSUl15V9PM0SOHWuHwyu0

While I try to use Linux or FreeBSD whenever I can (note the bash prompt, it
came from Debian/Linux), sometimes a customer may not have that option.
Sometimes they may start off on Unix and get moved to WIndows.  Sometimes
you might get handed a project and told to put it on windows.  Wouldn't it
be nice to know then that the module worked for you instead of worrying?
:-)

Ahh, now I notice that the apache htpasswd MD5 string has changed a bit, now
it's 5 randoms and 3 dots for the 8 char salt.  No, 1 dot or slash (random
50/50), then 2 dots.  So the format is yet again slightly different.  I
could easily go back to the module and tell it to use more dots for random
chars for the salt string.

> I'm running this on a RH9 box.
> I did put together a 2-piece (1,html 1,perl) solution that I'd be happy to
> share.  Nothing fancy, the html form requires the user name, old password,
and
> new password twice.  It feeds this via an HTTP POST to the perl script.
> I could post it to the list as it's not very large, but I don't want to
tie up
> bandwidth.  The preferred method would probably be, you can email me
off-list
> and I'd be glad to send you a copy.

Yeah let's swap scripts so we can see what we're talking about.  :-)

Leif

> ----------------------
> - Mike Scott
> - mscott@pyewacket.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message