Hello! On Mon, Oct 09, 2017 at 11:18:47PM +0300, Leonid Evdokimov wrote:
> On Mon, Oct 09, 2017 at 10:44:11PM +0300, Maxim Dounin wrote: > > All crypt() schemes available on a particular OS are supported, and > > this is what is written in the above paragraph. > > I added that note to provide disambiguation that actual libc crypt() is > used, I was under assumption that some only "plain old crypt()" is > actually supported (like DES one) as the example does not refer to > system crypt(), but refers to openssl and htpasswd. I was unaware of > platform crypt() call till I have actually looked at the source code :) The paragraph in question is expected to say that nginx uses the crypt() function as provided by system libraries. If it is not clear, we can consider improving the wording, and/or providing examples on how to use the tools mentioned to generate various types of passwords understood by crypt(). In particular, openssl by default generates traditional crypt() hashes, and can be used to generate $1$ hashes with the "-1" switch: $ openssl passwd foo GLJoKLSDZtEYU $ openssl passwd -1 foo $1$k8V9xFsq$y6xcPzRK5YW1QubxEm9kL1 (Not-yet-released openssl 1.1.1 also supports "-5" and "-6", though I would rather refrain from providing relevant examples.) > > It is not clear why to document $5$ and $6$ explicitly. > > That's just an example. These two are documented in crypt(3) manpage: > MD5-based $1$ is already documented and $2a$ is not available in > "default" build of glibc. It is not clear what you mean by saying "MD5-based $1$ is already documented". In nginx documentation there is nothing about $1$. There is a paragraph about $apr1$, Apache variant of $1$, which is similar, but is not crypt()-based - instead, it is explicitly implemented as a platform-independent solution which is available on all platforms including Windows. And this is why it is documented explicitly. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
