Written by Jerry McAllister on 07/07/08 10:26>>
> On Mon, Jul 07, 2008 at 02:18:49PM +0200, Jos Chrispijn wrote:
>> I ran into a problem last night that I was able to solve, but generated a
>> question:
>> I have this hosting provider (uses Debian OS) on which I can't use htpasswd
>> to generate user and password to protect a single file. 
> Probably was not in your path.   You may have to find out where it
> is and add that directory to your path or use the full pathname when
> invoking it.
>> To have this done I solved it as follows: did a htpasswd on my own server
>> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to
>> my home directory I have with this hosting provider and referred in the
>> .htaccess to it. And now comes the fun stuff: it worked without probs.
>> So the algorithm that is used on FreeBSD to scramble a user password is the
>> same as it is used by Debian? Isn't that a security gap?
> That is something done by Apache and is common to all implementations
> unless you change it.   I never looked, but I think it uses one of
> the commonly use encryption algorithms, maybe even the same one
> used for regular passwords.
> ////jerry

In fact it's either an Apache adaptation of MD5, SHA, plaintext, or the
system's crypt(). The encryption mechanism can be specified per-user
with the m,d,s, and p flags.

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to