diff options
Diffstat (limited to 'rubbos/app/httpd-2.0.64/support/SHA1/README.sha1')
-rw-r--r-- | rubbos/app/httpd-2.0.64/support/SHA1/README.sha1 | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/rubbos/app/httpd-2.0.64/support/SHA1/README.sha1 b/rubbos/app/httpd-2.0.64/support/SHA1/README.sha1 new file mode 100644 index 00000000..3998e1fd --- /dev/null +++ b/rubbos/app/httpd-2.0.64/support/SHA1/README.sha1 @@ -0,0 +1,34 @@ +This directory includes some utilities to allow Apache 1.3.6 to +recognize passwords in SHA1 format, as used by Netscape web servers. + +From Netscape's admin interface, export the password database to an +ldif file and then use convert.pl in this distribution to generate +apache style password files. + +Note: SHA1 support is useful for migration purposes, but is less + secure than Apache's password format, since Apache's (MD5) + password format uses a random eight character salt to generate + one of many possible hashes for the same password. Netscape + uses plain SHA1 without a salt, so the same password + will always generate the same hash, making it easier + to break since the search space is smaller. + +This code was contributed by Clinton Wong <clintdw@netcom.com>. + +README.sha1 + this file + +convert-sha1.pl + takes an ldif dump from Netscape's web server on + standard in, outputs apache htpasswd format on standard out. + + Usage: convert.pl < ldif > passwords + +htpasswd-sha1.pl + perl script to generate entries in apache htpasswd format. + + Usage: htpasswd-sha1.pl some_user some_password + +ldif-sha1.example + sample ldif dump with one sha1 password and one crypt password. + |