[TriLUG] apache passwd management strategies (subversion)
Timothy A. Chagnon
tachagnon at gmail.com
Thu Sep 22 20:59:42 EDT 2005
On 9/22/05, Rick DeNatale <rick.denatale at gmail.com> wrote:
> On 9/22/05, Timothy Chagnon <tachagnon at gmail.com> wrote:
> > Since apache2 or thereabouts, htpasswd entries can use MD5 hashes just
> > like the /etc/shadow file. And they're both colon delimited, so you
> > just need to take the first two columns from the shadow file.
>
> To do this you need to use mod_auth_digest, but first read the caveats
> in the documentation:
> http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html
No, I wasn't implying the use of auth_digest. I still just use
AuthType Basic over an HTTPS connection. Digest means that the
browser hashes it into MD5 and sends that, avoiding clear-text. The
method I meant still just sends clear-text from the browser to Apache,
which hashes it and compares with the htpasswd file. Apache can just
use MD5 now.

But yeah, Tanner has the better method with mod_auth_pam. I should
change to using that, just keep forgetting about it.
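
The column extraction described in the quoted message, as an added example that is not part of the original thread: it copies only the user and hash fields from shadow-format input, restricted to an explicit allowlist of users, and skips locked, passwordless and non-MD5 entries. The function names, the allowlist argument and the sample accounts and hashes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads shadow(5)-format lines on stdin
# and prints "user:hash" lines in htpasswd layout on stdout.
# Usage: shadow_to_htpasswd USER [USER...]   (hypothetical helper name)
shadow_to_htpasswd() {
    awk -F: -v allow="$*" '
        BEGIN {
            # Build the allowlist; with no names given, nothing is exported.
            n = split(allow, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        !($1 in ok)                        { next }  # not explicitly requested
        $2 == "" || $2 == "*" || $2 ~ /^!/ { next }  # passwordless or locked
        $2 !~ /^\$1\$/                     { next }  # not an MD5-crypt hash
        { print $1 ":" $2 }                          # first two columns only
    '
}

# Constructed sample input: placeholder hashes, not real credentials.
sample_shadow() {
    cat <<'EOF'
root:$1$CONSTRUC$rootHashPlaceholder000:13048:0:99999:7:::
alice:$1$CONSTRUC$aliceHashPlaceholder00:13048:0:99999:7:::
bob:!$1$CONSTRUC$bobHashPlaceholder0000:13048:0:99999:7:::
carol:*:13048:0:99999:7:::
dave:$2a$10$constructedBcryptPlaceholder:13048:0:99999:7:::
EOF
}

# Only alice is exported: bob is locked, carol has no password hash,
# dave uses a different scheme, and root was not on the allowlist.
sample_shadow | shadow_to_htpasswd alice bob carol dave
```

On a real system the input would be /etc/shadow read as root, and the output file named by AuthUserFile should be readable only by the web server. The result is a snapshot, so later password changes do not reach it, which is the gap mod_auth_pam closes.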