On 4/10/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote: > Nick Kew wrote: > > > > Whilst this is clearly an edge-case, is it necessarily true that any > > platform with APR_HAVE_CRYPT won't support plaintext passwords? > > AIUI - apache has always been an either or - it's either plaintext on > platforms without crypt, or crypt on platforms with such support.
Right; quite bogusly, the file format is even busted... There is a decoration for md5 hash and a decoration for sha1 has, but no decoration means: a) platform-has-crypt - treat the undecorated password hash as crypt-ed; no provision for plaintext b) platform-does-not-have-crypt - treat the undecorated password "hash" as plaintext
