coar99/04/10 08:08:46
Modified:src CHANGES
src/support htpasswd.1 htpasswd.c
Log:
Fix typos that were limiting passwords on Win32 to 8 characters, and
add some more documentation.
Submitted by: Pointed out by [EMAIL PROTECTED]
Revision ChangesPath
1.1305+4 -0 apache-1.3/src/CHANGES
Index: CHANGES
===
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1304
retrieving revision 1.1305
diff -u -r1.1304 -r1.1305
--- CHANGES 1999/04/09 13:06:26 1.1304
+++ CHANGES 1999/04/10 15:08:43 1.1305
@@ -1,5 +1,9 @@
Changes with Apache 1.3.7
+ *) Correct an apparent typo: on the Windows and MPE platforms, the
+ htpasswd utility was limiting passwords to only 8 characters.
+ [Ken Coar]
+
*) EBCDIC platforms: David submitted patches for two bugs in the
MD5 digest port for EBCDIC machines:
a) the htdigest utility overwrote the old contents of the digest file
1.10 +53 -2 apache-1.3/src/support/htpasswd.1
Index: htpasswd.1
===
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.1,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- htpasswd.11999/04/08 22:17:51 1.9
+++ htpasswd.11999/04/10 15:08:45 1.10
@@ -96,12 +96,20 @@
DBM database see
\fBdbmmanage\fP.
.PP
+.B htpasswd
+encrypts passwords using either a version of MD5 modified for Apache,
+or the system's \fIcrypt()\fP routine. Files managed by
+.B htpasswd
+may contain both types of passwords; some user records may have
+MD5-encrypted passwords while others in the same file may have passwords
+encrypted with \fIcrypt()\fP.
+.PP
This manual page only lists the command line arguments. For details of
the directives necessary to configure user authentication in
.B httpd
see
the Apache manual, which is part of the Apache distribution or can be
-found at http://www.apache.org/.
+found at URL:http://www.apache.org/.
.SH OPTIONS
.IP \-b
Use batch mode; \fIi.e.\fP, get the password from the command line
@@ -135,6 +143,49 @@
entered interactively and the verification entry didn't match, 4 if
its operation was interrupted, and 5 if a value is too long (username,
filename, password, or final computed record).
+.SH EXAMPLES
+\fBhtpasswd /usr/local/etc/apache/.htpasswd-users jsmith\fP
+.IP
+Adds or modifies the password for user \fIjsmith\fP.
+The user is prompted for the password. If executed
+on a Windows system, the password will be encrypted using the
+modified Apache MD5 algorithm; otherwise, the system's
+\fIcrypt()\fP routine will be used. If the file does not
+exist,
+.B htpasswd
+will do nothing except return an error.
+.LP
+\fBhtpasswd -c /home/doe/public_html/.htpasswd jane\fP
+.IP
+Creates a new file and stores a record in it for user \fIjane\fP.
+The user is prompted for the password.
+If the file exists and cannot be read, or cannot be written,
+it is not altered and
+.B htpasswd
+will display a message and return an error status.
+.LP
+\fBhtpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve\fP
+.IP
+Encrypts the password from the command line (\fIPwd4Steve\fP) using
+the MD5 algorithm, and stores it in the specified file.
+.LP
+.SH SECURITY CONSIDERATIONS
+Web password files such as those managed by
+.B htpasswd
+should \fBnot\fP be within the Web server's URI space -- that is,
+they should not be fetchable with a browser.
+.PP
+The use of the \fI-b\fP option is discouraged, since when it is
+used the unencrypted password appears on the command line.
+.SH RESTRICTIONS
+On the Windows and MPE platforms, passwords encrypted with
+.B htpasswd
+are limited to no more than 80 characters in length. Longer
+passwords will be truncated to 80 characters.
+.PP
+The MD5 algorithm used by
+.B htpasswd
+is specific to the Apache software; passwords encrypted using it will not be
+usable with other Web servers.
.SH SEE ALSO
.BR httpd(8)
-.
1.28 +4 -4 apache-1.3/src/support/htpasswd.c
Index: htpasswd.c
===
RCS file: /home/cvs/apache-1.3/src/support/htpasswd.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- htpasswd.c1999/04/10 03:45:59 1.27
+++ htpasswd.c1999/04/10 15:08:45 1.28
@@ -181,8 +181,8 @@
fputs(prompt, stderr);
gets((char *) password);
-if (strlen((char *) password) 8) {
- password[8] = '\0';
+if (strlen((char *) password) 80) {
+ password[80] = '\0';
}
return (char *) password;
@@ -217,8 +217,8 @@