On Tue, 22 Aug 2006 13:30:48 -0500, "William A. Rowe, Jr." <wrowe@xxxxxxxxxxxxx> wrote: >Joshua Slive wrote: >> On 8/22/06, Bo Berglund <bo.berglund@xxxxxxxxx> wrote: >>> I have a published website with several protected directories using >>> various .htaccess/.htpasswd files. It has been working fine for about >>> 10 years. The server is on a commercial webhost using Apache on Unix. >>> >>> I keep a mirror of the official website locally on a Windows 2003 PC >>> and all works well except the user authentication, which is a PITA to >>> get working. >> >> The problem is that apache never provides crypt() directly. It simply >> uses it if it is provided by the underlying OS. And Windows does not >> have crypt(). > >It sounds, if you are just testing, like you create a few test users that >belong to the different groups in your schema, and create them with md5 >passwords. The htpasswd default is now md5, but as you say, going back >10 years this wasn't so. And it turns out not all crypt()s are equal >either, so even moving from one variant of unix to another could break >your password file in this same way. > >That's why the default shifted to md5's which behaves the same on all >platforms. If you have perl script creating the passwords, look at >the package Crypt-MD5PasswdMD5 which crypts md5 apache-style passwords. > I was afraid this was the solution.... In fact we are planning on moving away from the web host and publish our own server but then we would have to go Windows2003 because noone here knows anything about how to maintain Linux PC:s. So my task will then be to find the cleartext passwords going back those years and recreate a md5 .htpasswd file. So my experimentation on the development server has a purpose in the future... Thanks for the information! /Bo Bo Berglund --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx