On Tue, Sep 10, 2002 at 11:19:34AM -0700, Justin Erenkrantz wrote:
> In case you've forgotten, there is no more mod_auth. So, this is an
> opportunity to rethink how we store passwords.
>
> I would think a much easier way would be to stop being fuzzy about
> the storage of the passwords and allow specification of what format
> the passwords are in.
>
> I would much prefer seeing {crypt}, {md5}, {sha1} in the format
> that most LDAP implementations use. That's definitely cleaner than
> relying on some weird magic symbol that breaks MD5 compatibility.
>
> And, in order to be backwards compatible, we can leave the $apr1$
> fooness there, but... Just a thought. -- justin
Although I like the idea of rethinking these sorts of things, I don't
think we would do well to break current .htpasswd files or homebrew
scripts that do the work of htpasswd.
-aaron
