From owner-freebsd-questions@FreeBSD.ORG Mon Jul 7 15:35:46 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A2C9106566C for ; Mon, 7 Jul 2008 15:35:46 +0000 (UTC) (envelope-from lreid@cs.okstate.edu) Received: from a.cs.okstate.edu (a.cs.okstate.edu [139.78.113.1]) by mx1.freebsd.org (Postfix) with ESMTP id DECF78FC13 for ; Mon, 7 Jul 2008 15:35:45 +0000 (UTC) (envelope-from lreid@cs.okstate.edu) Received: from [127.0.0.1] (localhost [127.0.0.1]) by a.cs.okstate.edu (Postfix) with ESMTP id F0FA9154CB7; Mon, 7 Jul 2008 10:35:44 -0500 (CDT) Message-ID: <487237CF.1030707@cs.okstate.edu> Date: Mon, 07 Jul 2008 10:35:43 -0500 From: Reid Linnemann User-Agent: Thunderbird 2.0.0.6 (X11/20070926) MIME-Version: 1.0 To: Jerry McAllister References: <001201c8e02b$9c6e9ed0$d54bdc70$@net> <20080707152634.GI74244@gizmo.acns.msu.edu> In-Reply-To: <20080707152634.GI74244@gizmo.acns.msu.edu> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Jos Chrispijn , freebsd-questions@freebsd.org Subject: Re: .htaccess or OS related? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2008 15:35:46 -0000 Written by Jerry McAllister on 07/07/08 10:26>> > On Mon, Jul 07, 2008 at 02:18:49PM +0200, Jos Chrispijn wrote: > >> I ran into a problem last night that I was able to solve, but generated a >> question: >> >> I have this hosting provider (uses Debian OS) on which I can't use htpasswd >> to generate user and password to protect a single file. > > Probably was not in your path. You may have to find out where it > is and add that directory to your path or use the full pathname when > invoking it. > > >> To have this done I solved it as follows: did a htpasswd on my own server >> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to >> my home directory I have with this hosting provider and referred in the >> .htaccess to it. And now comes the fun stuff: it worked without probs. >> >> >> So the algorithm that is used on FreeBSD to scramble a user password is the >> same as it is used by Debian? Isn't that a security gap? > > That is something done by Apache and is common to all implementations > unless you change it. I never looked, but I think it uses one of > the commonly use encryption algorithms, maybe even the same one > used for regular passwords. > > > ////jerry > > In fact it's either an Apache adaptation of MD5, SHA, plaintext, or the system's crypt(). The encryption mechanism can be specified per-user with the m,d,s, and p flags.