.htaccess or OS related?

Jerry McAllister jerrymc at msu.edu
Mon Jul 7 15:29:08 UTC 2008


On Mon, Jul 07, 2008 at 02:18:49PM +0200, Jos Chrispijn wrote:

> I ran into a problem last night that I was able to solve, but generated a
> question:
> 
> I have this hosting provider (uses Debian OS) on which I can't use htpasswd
> to generate user and password to protect a single file. 

Probably was not in your path.   You may have to find out where it
is and add that directory to your path or use the full pathname when
invoking it.


> 
> To have this done I solved it as follows: did a htpasswd on my own server
> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to
> my home directory I have with this hosting provider and referred in the
> .htaccess to it. And now comes the fun stuff: it worked without probs.
> 
> 
> So the algorithm that is used on FreeBSD to scramble a user password is the
> same as it is used by Debian? Isn't that a security gap?

That is something done by Apache and is common to all implementations
unless you change it.   I never looked, but I think it uses one of
the commonly use encryption algorithms, maybe even the same one
used for regular passwords.


////jerry


> 
> Jos
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"


More information about the freebsd-questions mailing list