On Tue, Sep 10, 2002 at 12:46:40PM -0500, William A. Rowe, Jr. wrote:
> You missed the point, anything that htpasswd or htdigest produce
> must be parsable by mod_auth or mod_auth_digest, respectively.
In case you've forgotten, there is no more mod_auth. So, this is an
opportunity to rethink how we store passwords.
I would think a much easier way would be to stop being fuzzy about
the storage of the passwords and allow specification of what format
the passwords are in.
I would much prefer seeing {crypt}, {md5}, {sha1} in the format
that most LDAP implementations use. That's definitely cleaner than
relying on some weird magic symbol that breaks MD5 compatibility.
And, in order to be backwards compatible, we can leave the $apr1$
fooness there, but... Just a thought. -- justin
