.htaccess or OS related?
lreid at cs.okstate.edu
Mon Jul 7 15:35:46 UTC 2008
Written by Jerry McAllister on 07/07/08 10:26>>
> On Mon, Jul 07, 2008 at 02:18:49PM +0200, Jos Chrispijn wrote:
>> I ran into a problem last night that I was able to solve, but generated a
>> I have this hosting provider (uses Debian OS) on which I can't use htpasswd
>> to generate user and password to protect a single file.
> Probably was not in your path. You may have to find out where it
> is and add that directory to your path or use the full pathname when
> invoking it.
>> To have this done I solved it as follows: did a htpasswd on my own server
>> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to
>> my home directory I have with this hosting provider and referred in the
>> .htaccess to it. And now comes the fun stuff: it worked without probs.
>> So the algorithm that is used on FreeBSD to scramble a user password is the
>> same as it is used by Debian? Isn't that a security gap?
> That is something done by Apache and is common to all implementations
> unless you change it. I never looked, but I think it uses one of
> the commonly use encryption algorithms, maybe even the same one
> used for regular passwords.
In fact it's either an Apache adaptation of MD5, SHA, plaintext, or the
system's crypt(). The encryption mechanism can be specified per-user
with the m,d,s, and p flags.
More information about the freebsd-questions