md5()

Re: md5()

On Mon, 6 Oct 2003 12:57:39 -0700, "Chris Mosser" <cmosser_at_com cast_dot_net>
wrote:
[color=blue]
>I am building an .htaccess file creator and obviously part of it is for
>directory protection. I 'm just trying to figure out if I can do it all
>with php or if I need to use exec() to use htpasswd. Basically, I got a
>different result using php's md5() function than I did using Apache's
>htpasswd executible(with the md5 option)
>
>What is different between these two??????[/color]



"htpasswd encrypts passwords using either a version of MD5 modified for Apache,
or the system's crypt() routine. Files managed by htpasswd may contain both
types of passwords; some user records may have MD5-encrypted passwords while
others in the same file may have passwords encrypted with crypt()."

[... to bottom of page ... ]

Restrictions:

[...]

The MD5 algorithm used by htpasswd is specific to the Apache software;
passwords encrypted using it will not be usable with other Web servers."

--
Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)

Re: md5()



"Andy Hassall" <andy@andyh.co. uk> wrote in message
news:pri3ov46ko es6vie7e5gaucu3 j73baup9h@4ax.c om...[color=blue]
> On Mon, 6 Oct 2003 12:57:39 -0700, "Chris Mosser"[/color]
<cmosser_at_com cast_dot_net>[color=blue]
> wrote:
>[color=green]
> >I am building an .htaccess file creator and obviously part of it is for
> >directory protection. I 'm just trying to figure out if I can do it all
> >with php or if I need to use exec() to use htpasswd. Basically, I got a
> >different result using php's md5() function than I did using Apache's
> >htpasswd executible(with the md5 option)
> >
> >What is different between these two??????[/color]
>
> http://httpd.apache.org/docs-2.0/programs/htpasswd.html
>
> "htpasswd encrypts passwords using either a version of MD5 modified for[/color]
Apache,[color=blue]
> or the system's crypt() routine. Files managed by htpasswd may contain[/color]
both[color=blue]
> types of passwords; some user records may have MD5-encrypted passwords[/color]
while[color=blue]
> others in the same file may have passwords encrypted with crypt()."
>
> [... to bottom of page ... ]
>
> Restrictions:
>
> [...]
>
> The MD5 algorithm used by htpasswd is specific to the Apache software;
> passwords encrypted using it will not be usable with other Web servers."
>
> --
> Andy Hassall (andy@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk)
> Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)[/color]

Thanks... so basically, if I want to use Apache's .htaccess for
authentificatio n, then I should use htpasswd to create the passwd file.
--
Chris Mosser

Re: md5()

> > >I am building an .htaccess file creator and obviously part of it is for[color=blue][color=green][color=darkred]
> > >directory protection. I 'm just trying to figure out if I can do it all
> > >with php or if I need to use exec() to use htpasswd. Basically, I got a
> > >different result using php's md5() function than I did using Apache's
> > >htpasswd executible(with the md5 option)
> > >
> > >What is different between these two??????[/color]
> >
> > http://httpd.apache.org/docs-2.0/programs/htpasswd.html
> >
> > "htpasswd encrypts passwords using either a version of MD5 modified for[/color]
> Apache,[color=green]
> > or the system's crypt() routine. Files managed by htpasswd may contain[/color]
> both[color=green]
> > types of passwords; some user records may have MD5-encrypted passwords[/color]
> while[color=green]
> > others in the same file may have passwords encrypted with crypt()."
> >
> > [... to bottom of page ... ]
> >
> > Restrictions:
> >
> > [...]
> >
> > The MD5 algorithm used by htpasswd is specific to the Apache software;
> > passwords encrypted using it will not be usable with other Web servers."[/color][/color]
[color=blue]
> Thanks... so basically, if I want to use Apache's .htaccess for
> authentificatio n, then I should use htpasswd to create the passwd file.[/color]

I've never used this, but you might want to check out:



It's a class that's supposed to help you manage Apache htpasswd files...

Shawn
--
Shawn Wilson
shawn@glassgian t.com