On Tue, Sep 10, 2002 at 12:46:40PM -0500, William A. Rowe, Jr. wrote: > You missed the point, anything that htpasswd or htdigest produce > must be parsable by mod_auth or mod_auth_digest, respectively.
In case you've forgotten, there is no more mod_auth. So, this is an opportunity to rethink how we store passwords. I would think a much easier way would be to stop being fuzzy about the storage of the passwords and allow specification of what format the passwords are in. I would much prefer seeing {crypt}, {md5}, {sha1} in the format that most LDAP implementations use. That's definitely cleaner than relying on some weird magic symbol that breaks MD5 compatibility. And, in order to be backwards compatible, we can leave the $apr1$ fooness there, but... Just a thought. -- justin