Date: Mon, 07 Jul 2008 10:35:43 -0500 From: Reid Linnemann <lreid@cs.okstate.edu> To: Jerry McAllister <jerrymc@msu.edu> Cc: Jos Chrispijn <jos@webrz.net>, freebsd-questions@freebsd.org Subject: Re: .htaccess or OS related? Message-ID: <487237CF.1030707@cs.okstate.edu> In-Reply-To: <20080707152634.GI74244@gizmo.acns.msu.edu> References: <001201c8e02b$9c6e9ed0$d54bdc70$@net> <20080707152634.GI74244@gizmo.acns.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Written by Jerry McAllister on 07/07/08 10:26>> > On Mon, Jul 07, 2008 at 02:18:49PM +0200, Jos Chrispijn wrote: > >> I ran into a problem last night that I was able to solve, but generated a >> question: >> >> I have this hosting provider (uses Debian OS) on which I can't use htpasswd >> to generate user and password to protect a single file. > > Probably was not in your path. You may have to find out where it > is and add that directory to your path or use the full pathname when > invoking it. > > >> To have this done I solved it as follows: did a htpasswd on my own server >> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to >> my home directory I have with this hosting provider and referred in the >> .htaccess to it. And now comes the fun stuff: it worked without probs. >> >> >> So the algorithm that is used on FreeBSD to scramble a user password is the >> same as it is used by Debian? Isn't that a security gap? > > That is something done by Apache and is common to all implementations > unless you change it. I never looked, but I think it uses one of > the commonly use encryption algorithms, maybe even the same one > used for regular passwords. > > > ////jerry > > In fact it's either an Apache adaptation of MD5, SHA, plaintext, or the system's crypt(). The encryption mechanism can be specified per-user with the m,d,s, and p flags.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?487237CF.1030707>