Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Apache + Wn2k - .htpasswd problems

2 views
Skip to first unread message

Eric Rosebrock

unread,
Oct 29, 2001, 10:56:00 AM10/29/01
to
Hello,

I am running Apache 1.3.21 with the indigo modified version and I am having
troubles with the password management.

Here's the deal. If I use the htpasswd.exe that came with Apache to generate
a password, it works great. No problems. However, I downloaded some password
management scripts to be able to add and remove users to the .htpasswd file
through a cgi interface. When I do this the encryption must throw something
off because those users will not be able to work. I can open the .htpasswd
file that those scripts use to add the users and I see the changes it makes.
However, those new users can't login!

Anybody have any ideas?

I am using Windows 2000 Server with Apache.

Thanks,
Eric

Michel Dalle

unread,
Oct 29, 2001, 12:11:39 PM10/29/01
to
In article <k_eD7.1160456$ai2.88...@bin2.nnrp.aus1.giganews.com>, "Eric Rosebrock" <ERIC@(NOSPAM)3dhavoc.net> wrote:
>Hello,
>
>I am running Apache 1.3.21 with the indigo modified version and I am having
>troubles with the password management.
>
>Here's the deal. If I use the htpasswd.exe that came with Apache to generate
>a password, it works great. No problems. However, I downloaded some password
>management scripts to be able to add and remove users to the .htpasswd file
>through a cgi interface. When I do this the encryption must throw something
>off because those users will not be able to work. I can open the .htpasswd
>file that those scripts use to add the users and I see the changes it makes.
>However, those new users can't login!

Most likely, those "password management scripts" you mentioned work
with the default crypt() function in Perl to encrypt passwords, and crypt()
generates a DES hash. But Apache on Windows (and the htpasswd.exe
program) works with MD5 hashes instead of DES, so it doesn't understand
the passwords generated by your scripts.

One way to solve this is to patch your management scripts as follows :

# install this module via ppm first
use Crypt::PasswdMD5;

# replace all crypt() calls with apache_md5_crypt()
use subs 'crypt';
sub crypt {
my ($password,$salt) = @_;
return apache_md5_crypt($password,$salt);
}

Good luck,

Michel.

--
Welcome to Mike's Pub
http://mikespub.net/forum/

Eric Rosebrock

unread,
Oct 29, 2001, 12:58:54 PM10/29/01
to
Wow... that sounds painful. Do you know of any scripts that run the MD5 ?

-Eric

"Michel Dalle" <ne...@mikespub.net> wrote in message
news:9rk2e5$uaf$1...@dackel.pdb.sbs.de...

Kenneth Lamb

unread,
Nov 4, 2001, 8:55:17 PM11/4/01
to
Look here http://exploited.dnsalias.com/cgiscripts/webbook/HTPASSWD.HTML

this works...!!!
"Eric Rosebrock" <ERIC@(NOSPAM)3dhavoc.net> wrote in message
news:yNgD7.1161798$ai2.88...@bin2.nnrp.aus1.giganews.com...

0 new messages