[thelist] crypt, salt, and htaccess
Dean Mah
dmah at members.evolt.org
Thu Jan 2 10:49:00 CST 2003
On Thu, Jan 02, 2003 at 11:18:10AM -0500, deke wrote:
> I'm trying to "roll my own" web interface for htaccess access control.
>
> The format for the password file is apparently
> username:PASSWORD
> where PASSWORD is actually the crypt() of the *real* password.
>
> But I can't see how to tell Apache what the *salt* is. How can Apache
> encrypt an entered password and see if it matches the stored password,
> if it doesn't know what salt was used?
The salt is the first two characters of the encrypted password. If it
is a new password, you just randomly choose the salt.
Dean
More information about the thelist
mailing list