[users@httpd] htadm and htpasswd
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Background
=====================
Currently, we have an web application running on an OS/390 mainframe under mainframe Unix Shared Services. The webserver is IBM HTTP Server, which is a rebranded version of Apache.
This application is being migrated to AIX.
Currently in the mainframe, the password hashing and verification is being done by a utility called HTADM that comes with IBM HTTP Server on OS/390.
For generating a hash of a plaintext_pwd, HTADM uses the Unix crypt(3) with a random 2 char salt. 1st 2 chars of the generated hash is the salt.
To verify a cleartext_pwd against the stored hash_pwd for a user, HTADM takes the 1st 2 chars of the hash as the salt and passes it with the cleartext_pwd to crypt(3) to generate another hash. This hash should be the same as the stored hash
My questions
======================
>> HTADM is not available on IBM HTTP Server for Apache. How can I get it?
I can find only htpasswd, which is limited in functionality compared to htadm
>> htpasswd limitation is that it cannot verify a password to one that is passed to it. At least the parameters dont have the option. Is there a way to use htpasswd to verify a stored password
>> I got a set of cleartext_pwd ----> hash mappings generated on the OS/390 using HTADM. Now i tried to verify if I could get the same hash using a separate implementation of crypt(3) found on this website.
http://_javascript_.internet.com/passwords/unix-crypt(3)-encryption.html
But the hash generated using this separate implementation does not match.
So is crypt(3) implemented differently on OS/390 comapred to AIX and other Unix OS's.
Thanks in advance
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
