On 8/22/06, Bo Berglund <bo.berglund@xxxxxxxxx> wrote:
I have a published website with several protected directories using various .htaccess/.htpasswd files. It has been working fine for about 10 years. The server is on a commercial webhost using Apache on Unix. I keep a mirror of the official website locally on a Windows 2003 PC and all works well except the user authentication, which is a PITA to get working. I dug down into this recently (again) and found that I can make it work if I redo all of the .htpasswd files using the htpasswd.exe program from the Apache installation, but I really do not want to search for all these thousands of passwords and redo the file.... The catch is that all of the passwords are created using Crypt and by some magic decision the Apache server on Windows seems not to recognize these. It requires MD5 password storage instead. At least by default. The htpasswd.exe file that ships with Apache refuses completely to create Crypted passwords even though I use that command line switch. It displays that it will use MD5 instead. My question is simply this, HOW can I enable Apache on Windows to accept Crypted passwords in the .htpasswd file?
The problem is that apache never provides crypt() directly. It simply uses it if it is provided by the underlying OS. And Windows does not have crypt(). The best way to handle this is to always use one of the other algorithms, both on windows and on unix. But it may be too late for you. I don't know of any other solutions. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx