On Tue, 30 Apr 2013 11:36:47 -0400, Ben Johnson <ben@xxxxxxxxxxxxxxxx> wrote: >> Well, >> I cannot easily change the authentication method at all because the >> "real" website uses CRYPT passwords and we also have a lot of software >> in-house that updates these .htpasswd files with new user logins when >> new customers are granted access to the protected parts of the site. > >Ah, I see. Yes, then the only short-term solution seems to be to resolve >the issue with .htpasswd files on Windows. What I can do is to replace the .htpasswd file with for example passwords in the .htaccess file and then put a few known test users into that using the htpasswd command, which generates md5 hashes. Then I can use the test site on my PC and the only thing I must not do is commit the changed .htaccess file to CVS.... >Nonetheless, you might suggest migrating the "live" server to some form >of database authentication in the future. It would be much simpler for >your in-house software to maintain and update a single database table, >rather than potentially hundreds of .htpassword and .htaccess files. I guess so, but then I first have to get comfortable using databases on the website... >> I have no idea how I could generate MD5 passwords in my software so I >> am stuck with CRYPT (which I can create). >> Note that if this is changed I need to do the same on all of the >> protected folders on the real site... > >Generating MD5 passwords should be trivial in any environment. If you >have a specific scripting language or similar, I'd be happy to provide >examples. However, based on what you say above, changing from CRYPT to >MD5 sounds like as much or more work as getting CRYPT to work on Windows. I could probably call the Apache htpasswd program from within my own program and supply it with parameter -c to create a new file and then I read that back. Like this: htpasswd.exe -cb passwordfile username password > >I wouldn't go that far. There has to be a way to make CRYPT work on >Windows. I'll do some more research (and attempt to get this working on >my own machine) and provide an update. > The problem is getting Apache on Win7 to recognize CRYPT:ed passwords. Creating them is no big deal, I already have software components for that. But getting Apache to read them is.... I cannot understand why they left that out of Apache when compiling for Windows.... -- Bo Berglund Developer in Sweden --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|