35 lines
1.2 KiB
Plaintext
35 lines
1.2 KiB
Plaintext
This directory includes some utilities to allow Apache 1.3.6 to
|
|
recognize passwords in SHA1 format, as used by Netscape web servers.
|
|
|
|
From Netscape's admin interface, export the password database to an
|
|
ldif file and then use convert.pl in this distribution to generate
|
|
apache style password files.
|
|
|
|
Note: SHA1 support is useful for migration purposes, but is less
|
|
secure than Apache's password format, since Apache's (MD5)
|
|
password format uses a random eight character salt to generate
|
|
one of many possible hashes for the same password. Netscape
|
|
uses plain SHA1 without a salt, so the same password
|
|
will always generate the same hash, making it easier
|
|
to break since the search space is smaller.
|
|
|
|
This code was contributed by Clinton Wong <clintdw@netcom.com>.
|
|
|
|
README.sha1
|
|
this file
|
|
|
|
convert-sha1.pl
|
|
takes an ldif dump from Netscape's web server on
|
|
standard in, outputs apache htpasswd format on standard out.
|
|
|
|
Usage: convert.pl < ldif > passwords
|
|
|
|
htpasswd-sha1.pl
|
|
perl script to generate entries in apache htpasswd format.
|
|
|
|
Usage: htpasswd-sha1.pl some_user some_password
|
|
|
|
ldif-sha1.example
|
|
sample ldif dump with one sha1 password and one crypt password.
|
|
|