httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bo Berglund <>
Subject [users@httpd] Re: Cannot get Apache 2 basic authentication working with CRYPT on Win7
Date Tue, 30 Apr 2013 15:55:49 GMT
On Tue, 30 Apr 2013 11:36:47 -0400, Ben Johnson <>

>> Well,
>> I cannot easily change the authentication method at all because the
>> "real" website uses CRYPT passwords and we also have a lot of software
>> in-house that updates these .htpasswd files with new user logins when
>> new customers are granted access to the protected parts of the site.
>Ah, I see. Yes, then the only short-term solution seems to be to resolve
>the issue with .htpasswd files on Windows.

What I can do is to replace the .htpasswd file with for example
passwords in the .htaccess file and then put a few known test users
into that using the htpasswd command, which generates md5 hashes.
Then I can use the test site on my PC and the only thing I must not do
is commit the changed .htaccess file to CVS....

>Nonetheless, you might suggest migrating the "live" server to some form
>of database authentication in the future. It would be much simpler for
>your in-house software to maintain and update a single database table,
>rather than potentially hundreds of .htpassword and .htaccess files.

I guess so, but then I first have to get comfortable using databases
on the website...

>> I have no idea how I could generate MD5 passwords in my software so I
>> am stuck with CRYPT (which I can create).
>> Note that if this is changed I need to do the same on all of the
>> protected folders on the real site...
>Generating MD5 passwords should be trivial in any environment. If you
>have a specific scripting language or similar, I'd be happy to provide
>examples. However, based on what you say above, changing from CRYPT to
>MD5 sounds like as much or more work as getting CRYPT to work on Windows.

I could probably call the Apache htpasswd program from within my own
program and supply it with parameter -c to create a new file and then
I read that back. Like this:
htpasswd.exe -cb passwordfile username password

>I wouldn't go that far. There has to be a way to make CRYPT work on
>Windows. I'll do some more research (and attempt to get this working on
>my own machine) and provide an update.

The problem is getting Apache on Win7 to recognize CRYPT:ed passwords.
Creating them is no big deal, I already have software components for
that. But getting Apache to read them is....

I cannot understand why they left that out of Apache when compiling
for Windows....

Bo Berglund
Developer in Sweden

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message