[rt-users] RT3 encryption
Robert Spier
rspier at pobox.com
Wed Nov 26 10:59:15 EST 2003
> Right. Do you know if there's a way for apache's 'htaccess'
> mechanism to read a salt-less MD5 password? I haven't been able to
> get this to work yet.
I'm not sure it will.
Definitely what it writes, is incompatible:
The MD5 algorithm used by htpasswd is specific to the Apache
software; passwords encrypted using it will not be usable with
other Web servers.
http://httpd.apache.org/docs-2.0/programs/htpasswd.html
$ /home/perl/apache2/bin/htpasswd -bnm username password
username:$apr1$YPiUc/..$jJcpU6953ESwoLsnVpaQq.
Note the "type" of apr1.
Linux generates:
$1$MGw18b6V$GUmR55ftPBz0iWPkPAWUU1
Longer term, RT should switch to salting its MD5 hashes. Or maybe
some pepper. That's probably a 3.2 thing.
Crypt::PasswdMD5 does both Linux/FreeBSD style MD5 and Apache
style.. which leads to all sort of fun.
But sadly, this doesn't help your immediate problem.
-R
More information about the rt-users
mailing list