apache: using $1$ md5 salt in place of $apr1$
Hello people,
I'm going crazy trying to get apache (v2.2.6 built Sep 23 2007---the built-in apache in Mac OS X 10.5) to recognize MD5 passwords made using something other than htpasswd -m. The passwords are made using pwunconv on a redhat linux machine, FWIW.
When I look at the encrypted passwords from the other machine, I see
xxx:$1$sssssss$zzz...
which means that the passwords are encrypted using the standard (non-htpasswd) version of md5, as far as I can tell.
Apache likes md5 passwords encrypted using htpasswd -m; they look like
xxx:$apr1$sssssss$zzz...
My version of apache has no problem using passwords added to the bottom of the original file in this fashion.
My web server can read only those containing an $apr1$. It cannot interpret those with $1$. The web server on the linux machine apparently can read the non-apache passwords, however. As far as I know, it is running version 2.0.?? of apache.
I know nothing about how the apache on the linux machine is configured or how it was built. I'm just trying to use the same files in my AuthUserFile directives, since I can that way use the same passwords as the main server without any mess or fuss.
Can anyone give a clue for what I should do to be able to read the non-apache style encryptions?
Bill
I'm going crazy trying to get apache (v2.2.6 built Sep 23 2007---the built-in apache in Mac OS X 10.5) to recognize MD5 passwords made using something other than htpasswd -m. The passwords are made using pwunconv on a redhat linux machine, FWIW.
When I look at the encrypted passwords from the other machine, I see
xxx:$1$sssssss$zzz...
which means that the passwords are encrypted using the standard (non-htpasswd) version of md5, as far as I can tell.
Apache likes md5 passwords encrypted using htpasswd -m; they look like
xxx:$apr1$sssssss$zzz...
My version of apache has no problem using passwords added to the bottom of the original file in this fashion.
My web server can read only those containing an $apr1$. It cannot interpret those with $1$. The web server on the linux machine apparently can read the non-apache passwords, however. As far as I know, it is running version 2.0.?? of apache.
I know nothing about how the apache on the linux machine is configured or how it was built. I'm just trying to use the same files in my AuthUserFile directives, since I can that way use the same passwords as the main server without any mess or fuss.
Can anyone give a clue for what I should do to be able to read the non-apache style encryptions?
Bill
Mac Mini Core 2 Duo, Mac OS X (10.5.1)