On Tue, 10 Sep 2002, William A. Rowe, Jr. wrote:

> At 01:36 AM 9/10/2002, Justin Erenkrantz wrote:
> >On Tue, Sep 10, 2002 at 03:00:51AM -0000, [EMAIL PROTECTED] wrote:
> > > jerenkrantz    2002/09/09 20:00:50
> > >
> > >   Modified:    .        CHANGES
> > >                support  htpasswd.c
> > >   Log:
> > >   Add ability to htpasswd (via -5) to produce non-obfuscated MD5 hashes.
> > >
> > >   mod_auth_digest's passwords can not be obfuscated by the APR magic
> > >   sequence (as we don't call apr_password_validate on them), therefore we
> > >   need a tool to produce true MD5 hex hashes.
> >
> >Well, obviously, I needed to go back to mod_auth_digest school as
> >htpasswd has nothing to do with mod_auth_digest which uses a
> >completely different format.  (I somehow forgot about htdigest.)
> >
> >But, I still think producing unobfuscated md5 hashes is a useful
> >option, so I'll leave this commit in.  -- justin
> 
> Can it be parsed by mod_auth from an .htpasswd file?
> 
> If not, please revert the commit.

I agree with Bill.  Please revert this commit.  The problem is that
mod_auth can't tell the difference between crypt() and MD5 without the
string, which is why it was added in the first place.  Also, MD5 isn't as
portable as we had originally hoped.  Some of the BSDs have modified their
crypt() algorithm, which uses MD5, to use a slightly incompatible
MD5.  This means that if you try to take a crypt() password file from a
BSD machine, and move it to another box and try to make it use our MD5
algorithm, it won't work.

Ryan
_______________________________________________________________________________
Ryan Bloom                              [EMAIL PROTECTED]
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------
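
The format ambiguity described in this message, as an added example that is not part of the original thread or of the Apache/APR source: an audit of `.htpasswd` entries that flags hashes a prefix-based validator cannot route to the intended algorithm. The function names and sample entries are constructed for illustration, and the `$1$` marker for platform MD5 crypt() is an assumption drawn from common Unix practice, not from the thread.

```python
import re

APR1_MAGIC = "$apr1$"   # marker string that identifies APR's own MD5 scheme
SYS_MD5_MAGIC = "$1$"   # assumption: marker of MD5-based crypt() on some BSDs
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")   # traditional crypt() output
BARE_MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")  # unmarked hex MD5 digest

# Constructed sample entries; the hash bodies are placeholders, not real hashes.
SAMPLE = """\
alice:$apr1$saltsalt$0123456789abcdefghijkl
bob:abJnggxhB/yWI
carol:5f4dcc3b5aa765d61d8327deb882cf99
dave:$1$saltsalt$0123456789abcdefghijkl
"""

def classify(hash_field):
    """Guess the scheme of one hash field from its marker and shape."""
    if hash_field.startswith(APR1_MAGIC):
        return "apr1-md5"            # validated with APR's MD5 routine
    if hash_field.startswith(SYS_MD5_MAGIC):
        return "system-md5-crypt"    # depends on the platform's crypt()
    if DES_CRYPT.fullmatch(hash_field):
        return "des-crypt"
    if BARE_MD5_HEX.fullmatch(hash_field):
        return "bare-md5-hex"        # no marker: would be handed to crypt()
    return "unknown"

def audit(text):
    """Return (line number, user, scheme) for entries that are not
    unambiguous apr1 or traditional crypt() hashes."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        scheme = classify(hash_field)
        if scheme not in ("apr1-md5", "des-crypt"):
            findings.append((lineno, user, scheme))
    return findings

if __name__ == "__main__":
    for lineno, user, scheme in audit(SAMPLE):
        print(f"line {lineno}: {user}: {scheme}")
```
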

