On 9/22/05, Rick DeNatale <[EMAIL PROTECTED]> wrote: > On 9/22/05, Timothy Chagnon <[EMAIL PROTECTED]> wrote: > > Since apache2 or thereabouts, htpasswd entries can use MD5 hashes just > > like the /etc/shadow file. And they're both colon delimited, so you > > just need to take the first two columns from the shadow file. > > To do this you need to use mod_auth_digest, but first read the caveats > in the documentation: > http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html
No, I wasn't implying the use of auth_digest. I still just use AuthType Basic over an HTTPS connection. Digest means that the browser hashes it into MD5 and sends that, avoiding clear-text. The method I meant still just sends clear-text from the browser to apache which hashes it and compares with the htpasswd file. Apache can just use MD5 now. But yeah, Tanner has the better method with mod_auth_pam. I should change to using that, just keep forgetting about it. -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
