[thelist] crypt, salt, and htaccess
deke
web at master.gen.in.us
Thu Jan 2 10:27:01 CST 2003
I'm trying to "roll my own" web interface for htaccess access control.
The format for the password file is apparently
username:PASSWORD
where PASSWORD is actually the crypt() of the *real* password.
But I can't see how to tell Apache what the *salt* is. How can Apache
encrypt an entered password and see if it matches the stored password,
if it doesn't know what salt was used?
--
If I have seen farther than others, it is by stepping on the toes of
giants
More information about the thelist
mailing list