Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 3073 invoked from network); 26 Apr 2006 12:52:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 26 Apr 2006 12:52:49 -0000 Received: (qmail 98482 invoked by uid 500); 26 Apr 2006 12:52:39 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 98473 invoked by uid 500); 26 Apr 2006 12:52:38 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 98462 invoked by uid 99); 26 Apr 2006 12:52:38 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Apr 2006 05:52:38 -0700 X-ASF-Spam-Status: No, hits=0.9 required=10.0 tests=HTML_10_20,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of jacob.arun@gmail.com designates 64.233.166.181 as permitted sender) Received: from [64.233.166.181] (HELO pproxy.gmail.com) (64.233.166.181) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 26 Apr 2006 05:52:35 -0700 Received: by pproxy.gmail.com with SMTP id c63so1531092pyc for ; Wed, 26 Apr 2006 05:52:15 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=Z4d9V4C08CCAA4BAYhreKL1HuLpoJQlFJxublVTjeXoaRhCC9tT4It5uPRZpopB3obK5IHqUDIWCR8xqdkqzrw+8DQ2nU+AVLMTTdEEUKUfgnzwVAfHwQANbN7oJ25bnUhoflvjneU2Qj3el2nKMnQzPBZZTcwt3X8ZwIdooGjU= Received: by 10.35.109.2 with SMTP id l2mr998772pym; Wed, 26 Apr 2006 05:52:15 -0700 (PDT) Received: by 10.35.99.17 with HTTP; Wed, 26 Apr 2006 05:52:15 -0700 (PDT) Message-ID: <56f5e4ea0604260552l4a7eab89m8d79910f8792d49b@mail.gmail.com> Date: Wed, 26 Apr 2006 20:52:15 +0800 From: "Arun Jacob" To: users@httpd.apache.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_9455_27810026.1146055935346" X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] htadm and htpasswd X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N ------=_Part_9455_27810026.1146055935346 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Background =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Currently, we have an web application running on an OS/390 mainframe under mainframe Unix Shared Services. The webserver is IBM HTTP Server, which is = a rebranded version of Apache. This application is being migrated to AIX. Currently in the mainframe, the password hashing and verification is being done by a utility called HTADM that comes with IBM HTTP Server on OS/390. For generating a hash of a plaintext_pwd, HTADM uses the Unix crypt(3) with a random 2 char salt. 1st 2 chars of the generated hash is the salt. To verify a cleartext_pwd against the stored hash_pwd for a user, HTADM takes the 1st 2 chars of the hash as the salt and passes it with the cleartext_pwd to crypt(3) to generate another hash. This hash should be the same as the stored hash My questions =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> HTADM is not available on IBM HTTP Server for Apache. How can I get it? I can find only htpasswd, which is limited in functionality compared to htadm >> htpasswd limitation is that it cannot verify a password to one that is passed to it. At least the parameters dont have the option. Is there a way to use htpasswd to verify a stored password >> I got a set of cleartext_pwd ----> hash mappings generated on the OS/390 using HTADM. Now i tried to verify if I could get the same hash using a separate implementation of crypt(3) found on this website. http://javascript.internet.com/passwords/unix-crypt(3)-encryption.html But the hash generated using this separate implementation does not match. So is crypt(3) implemented differently on OS/390 comapred to AIX and other Unix OS's. Thanks in advance ------=_Part_9455_27810026.1146055935346 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Background
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D
Currently, we have an web application running on an OS/390 mainframe= under mainframe Unix Shared Services. The webserver is IBM HTTP Server, wh= ich is a rebranded version of Apache.

This application is being migrated to AIX.

Currently in the main= frame, the password hashing and verification is being done by a utility cal= led HTADM that comes with IBM HTTP Server on OS/390.  
For generati= ng a hash of a plaintext_pwd, HTADM uses the Unix crypt(3) with a random 2 = char salt. 1st 2 chars of the generated hash is the salt.
To verify a cleartext_pwd against the stored hash_pwd for a user, HTADM= takes the 1st 2 chars of the hash as the salt and passes it with the clear= text_pwd to crypt(3) to generate another hash. This hash should be the same= as the stored hash

My questions
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D
>> HTADM is not available on IBM HTTP Server for A= pache. How can I get it?
I can find only htpasswd, which is limited in f= unctionality compared to htadm

>> htpasswd limitation is that = it cannot verify a password to one that is passed to it. At least the param= eters dont have the option. Is there a way to use htpasswd to verify a stor= ed password

>> I got a set of cleartext_pwd ----> hash mappings genera= ted on the OS/390 using HTADM. Now i tried to verify if I could get the sam= e hash using a separate implementation of crypt(3) found on this website.
http://javascript.internet.com/passwords/unix-crypt(3)-encrypti= on.html
But the hash generated using this separate implementation d= oes not match.

So is crypt(3) implemented differently on OS/390 comapred to AIX an= d other Unix OS's.


Thanks in advance

------=_Part_9455_27810026.1146055935346--