This message is complete hand-waving. The point of htpasswd is to create password files for mod_auth. It doesn't create password files for use with other authentication schemes. More to the point, if anybody ever uses this option, it will FAIL with mod_auth. That violates the principle of least astonishment. If you don't document it, then it might as well not be there.
Ryan On Tue, 10 Sep 2002, Justin Erenkrantz wrote: > On Tue, Sep 10, 2002 at 11:57:08AM -0400, [EMAIL PROTECTED] wrote: > > I agree with Bill. Please revert this commit. The problem is that > > And, I think there is power in giving the user the choice to have > correct MD5 hashes produced. Not every use of htpasswd is going to > be fed into apr_password_validate(). If I were to write a new > auth scheme or a CGI script where the client sends a correct MD5 > hash of their password and I needed to verify that hash, this > option would be essential. > > It isn't the default (heck, we could remove the option from the > help or rot13 the option description), but even if it produces > something not portable with apr_password_validate() but is a correct > MD5 hash, I think we should allow users to produce it. -- justin > -- _______________________________________________________________________________ Ryan Bloom [EMAIL PROTECTED] 550 Jean St Oakland CA 94610 -------------------------------------------------------------------------------
