httpd does not ;-) htdbm/htpasswd et al do.
Bill [httpd-2.2]$ grep -r crypt modules/aaa/* [httpd-2.2]$ grep -r apr_password modules/aaa/* modules/aaa/mod_auth_basic.c:#include "apr_md5.h" /* for apr_password_validate */ modules/aaa/mod_authn_dbd.c: rv = apr_password_validate(password, dbd_password); modules/aaa/mod_authn_dbm.c:#include "apr_md5.h" /* for apr_password_validate */ modules/aaa/mod_authn_dbm.c: rv = apr_password_validate(password, dbm_password); modules/aaa/mod_authn_file.c:#include "apr_md5.h" /* for apr_password_validate */ modules/aaa/mod_authn_file.c: status = apr_password_validate(password, file_password); modules/aaa/mod_authz_default.c:#include "apr_md5.h" /* for apr_password_validate */ David Jones wrote: > Re: Jeff's last note, yes httpd does call crypt() directly, > > Any other questions that need discussion / resolution? > > David Jones > -- > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > On 3/16/07, *Jeff Trawick* <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > On 3/16/07, William A. Rowe, Jr. <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Jeff Trawick wrote: > > > > > > APR doesn't pretend to figure out for APR apps exactly what the > system > > > provides, though there is currently a spotty set of APR_HAS_foo. > > > > > > Meanwhile, httpd goes and searches on its own for things APR doesn't > > > tell anyone about. I'm curious about other opinions on whether > or not > > > it is APR's job to tell what is available. > > > > In httpd, we don't call crypt(), we call APR > > maybe this is the point of confusion... > > httpd does call crypt() > > $ grep crypt support/*c > ... > support/htdbm.c: apr_cpystrn(cpw, crypt(htdbm->userpass, > salt), sizeof(cpw) - 1); > ... > support/htpasswd.c: apr_cpystrn(cpw, crypt(pw, salt), > sizeof(cpw) - 1); > ... > >