[thelist] crypt, salt, and htaccess

[deke]

I'm trying to "roll my own" web interface for htaccess access control.

The format for the password file is apparently
username:PASSWORD
where PASSWORD is actually the crypt() of the *real* password.

But I can't see how to tell Apache what the *salt* is. How can Apache
encrypt an entered password and see if it matches the stored password,
if it doesn't know what salt was used?

--
If I have seen farther than others, it is by stepping on the toes of
giants