Plans for HtPasswdChecker

Felix Schwarz

Mar 12, 2008, 4:57:24 PM
to authori...@googlegroups.com
Hi,

During my coding session/hour today, I thought about the HtPasswdChecker.
IMHO compatibility with Apache's htpasswd files is a major point here so we
need to support Apache's md5 and sha1 algorithms.

There is a small, pure Python module for Apache/md5 under a liberal
license. What about embedding this module in authority/lib or something
like that?

--
Felix Schwarz
Dipl.-Informatiker

Gubener Str. 38
10243 Berlin
Germany

www.schwarz.eu - software development and consulting

Kevin Horn

Mar 12, 2008, 6:07:22 PM
to authori...@googlegroups.com
As usual, you're one step ahead of me, Felix :)

I had figured that there must be a way to get Apache's md5 algorithm into Python, but I hadn't found a module/extension to do it yet.

Can you post a link to the module you mentioned?

Kevin Horn

Felix Schwarz

Mar 13, 2008, 4:10:48 AM
to authori...@googlegroups.com
Kevin Horn wrote:

> Can you post a link to the module you mentioned?

http://www.sabren.net/code/python/crypt/

The library seems to have no single license as the code (the ideas) comes from
different sources:
- FreeBSD (beer-ware license)
- Crypt::PasswdMD5 (Perl): same terms as Perl itself (GPL v2(+?), Artistic
License)
- Michal Wallace (public domain)

Quite a license mess, but I think these licenses do not place additional
license burdens on authority beyond the conditions of a 3-clause BSD.

fs

Kevin Horn

Mar 13, 2008, 7:49:36 PM
to authori...@googlegroups.com
I think we can probably integrate this without too much difficulty. I'd like to eventually allow the user to configure which hash algorithm to use (in the config file...maybe "authority.checker.hashtype") with at least the following options:
- crypt
- md5 (Python)
- md5 (Apache)
- sha1 (Apache can use this too, not sure if the Python implementation is compatible though)

You're right, the licensing is a bit of a mess though.

Kevin Horn

Felix Schwarz

Mar 14, 2008, 5:26:16 AM
to authori...@googlegroups.com
Kevin Horn wrote:
> I think we can probably integrate this without too much difficulty. I'd
> like to eventually allow the user to configure which hash algorithm to use
> (in the config file...maybe "authority.checker.hashtype") with at least the
> following options: (...)

I don't think we should add a configuration option for that: Just parse the
htaccess file and use the appropriate algorithm (Apache's htpasswd tool can
create files with different hash algorithms). IMHO a configuration mechanism
is only needed if we had to add a new hash to the database.

fs


Kevin Horn

Mar 14, 2008, 11:43:07 AM
to authori...@googlegroups.com
That could work, but it would probably preclude using Python's md5 hash in situations where you aren't using Apache. How would you tell the difference between them? While Apache compatibility is the main reason I wanted to include this checker, I had also considered that people could use it as a basic method of password storage, even when Apache wasn't present.

Kevin Horn
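
Added example, not part of the original thread and not the authority project's code: a sketch of the per-entry detection discussed above, using the `$apr1$` and `{SHA}` prefixes that Apache's htpasswd writes. The scheme names, function names and the "32 lowercase hex characters means a bare Python md5 hexdigest" rule are assumptions made for this illustration; a bare hexdigest carries no prefix, so it can only be recognized by its shape.

```python
import base64, hashlib, hmac, re

def classify(stored):
    """Guess the hash scheme of one htpasswd password field from its shape."""
    if stored.startswith("$apr1$"):
        return "apr1-md5"   # Apache's salted, iterated MD5 variant
    if stored.startswith("{SHA}"):
        return "sha1"       # base64 of an unsalted SHA-1 digest
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "md5-hex"    # assumption: bare hashlib.md5(...).hexdigest()
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "crypt"      # traditional DES crypt(3): 2-char salt + 11 chars
    return "unknown"

def parse_htpasswd(text):
    """Map user -> (scheme, stored field) for every 'user:hash' line."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, stored = line.split(":", 1)
            entries[user] = (classify(stored), stored)
    return entries

def _sha1(stored, password):
    digest = hashlib.sha1(password.encode()).digest()
    return hmac.compare_digest(stored[5:].encode(), base64.b64encode(digest))

def _md5_hex(stored, password):
    digest = hashlib.md5(password.encode()).hexdigest()
    return hmac.compare_digest(stored.encode(), digest.encode())

# apr1-md5 and crypt need code beyond hashlib; register their verifiers here.
VERIFIERS = {"sha1": _sha1, "md5-hex": _md5_hex}

def check(entries, user, password):
    if user not in entries:
        return False
    scheme, stored = entries[user]
    if scheme not in VERIFIERS:
        raise LookupError(f"no verifier registered for scheme {scheme!r}")
    return VERIFIERS[scheme](stored, password)

# Constructed sample file; the apr1 and crypt fields are shape-only dummies.
SAMPLE = "\n".join(["# comment line",
    "alice:{SHA}" + base64.b64encode(hashlib.sha1(b"secret").digest()).decode(),
    "bob:$apr1$saltsalt$0123456789abcdefghijkl", "carol:sa" + "X" * 11,
    "dave:" + hashlib.md5(b"secret").hexdigest(),
])
```

The `{SHA}` and bare-hexdigest formats are unsalted, so identical passwords produce identical stored fields; only the `$apr1$` and crypt formats carry a per-entry salt.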