On Tue, Sep 10, 2002 at 11:19:34AM -0700, Justin Erenkrantz wrote: > In case you've forgotten, there is no more mod_auth. So, this is an > opportunity to rethink how we store passwords. > > I would think a much easier way would be to stop being fuzzy about > the storage of the passwords and allow specification of what format > the passwords are in. > > I would much prefer seeing {crypt}, {md5}, {sha1} in the format > that most LDAP implementations use. That's definitely cleaner than > relying on some weird magic symbol that breaks MD5 compatibility. > > And, in order to be backwards compatible, we can leave the $apr1$ > fooness there, but... Just a thought. -- justin
Although I like the idea of rethinking these sorts of things, I don't think we would do well to break current .htpasswd files or homebrew scripts that do the work of htpasswd. -aaron