Mailing List Archive

feature request (fwd)
Re: feature request (fwd)
On Wed, 9 Aug 1995, Florent Guillaume wrote:
> > Since both Apache/htpasswd and login(1) use the same function to
> > encrypt passwords, you'd think that you could just say:
> >
> > AuthUserFile /etc/passwd
>
> It is evil to use the system passwords for the WWW, because
> these passwords are sent in clear to whoever asks them.

I'd use the term "unwise", but yeah, I agree that it shouldn't be
suggested or necessarily enabled in our setup. MD5 authentication is
going to require storing something other than the crypted password
anyways.

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/
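
The two points in the message above, as an added example that is not part of the original thread: Basic authentication puts the password itself on the wire, and Digest (MD5) authentication needs a stored MD5(user:realm:password) value that cannot be derived from a crypt(3) entry in /etc/passwd. It uses the early Digest calculation without qop; the user, realm, password, nonce and URI are constructed sample values, and the function names are illustrative.

```python
import base64
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Basic auth: the password itself crosses the wire, only base64-encoded."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def read_basic_header(header: str) -> tuple[str, str]:
    """What the server, or anyone observing the request, recovers from it."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def digest_store_line(user: str, realm: str, password: str) -> str:
    """Server-side record for Digest: MD5(user:realm:password), not crypt(3)."""
    return f"{user}:{realm}:{md5_hex(f'{user}:{realm}:{password}')}"


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """response = MD5(HA1 : nonce : MD5(method:uri)), the no-qop calculation."""
    return md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")


def server_verify(store_line: str, nonce: str, method: str, uri: str,
                  client_response: str) -> bool:
    """The server recomputes the response from the stored HA1 alone."""
    ha1 = store_line.rsplit(":", 1)[1]
    expected = digest_response(ha1, nonce, method, uri)
    return hmac.compare_digest(expected, client_response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    user, realm, pw, nonce = "alice", "staff", "s3cret", "constructed-nonce-01"
    print(read_basic_header(basic_header(user, pw)))  # password recovered as-is
    line = digest_store_line(user, realm, pw)
    client_ha1 = md5_hex(f"{user}:{realm}:{pw}")      # computed on the client
    resp = digest_response(client_ha1, nonce, "GET", "/private/")
    print(line, server_verify(line, nonce, "GET", "/private/", resp))
```

The stored MD5 value is sufficient to compute valid responses for its realm, so the file holding it needs the same protection as a password file.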
Re: feature request (fwd)
On Wed, 9 Aug 1995, Archie Cobbs wrote:
> > I'd use the term "unwise", but yeah, I agree that it shouldn't be
> > suggested or necessarily enabled in our setup. MD5 authentication is
> > going to require storing something other than the crypted password
> > anyways.
>
> That's true (and too bad for me). By the way, any projections as to
> when this MD5 password encoding gets implemented?

NCSA 1.5 and WN have it on the server end, and XMosaic 2.7 and emacs-W3
are the only clients as far as I know (no, wait, Spyglass too I think)

Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/
Re: feature request (fwd)
Last time, Brian Behlendorf uttered the following other thing:
>
> On Wed, 9 Aug 1995, Archie Cobbs wrote:
> > > I'd use the term "unwise", but yeah, I agree that it shouldn't be
> > > suggested or necessarily enabled in our setup. MD5 authentication is
> > > going to require storing something other than the crypted password
> > > anyways.
> >
> > That's true (and too bad for me). By the way, any projections as to
> > when this MD5 password encoding gets implemented?
>
> NCSA 1.5 and WN have it on the server end, and XMosaic 2.7 and emacs-W3
> are the only clients as far as I know (no, wait, Spyglass too I think)

To my knowledge, one of the security modules Enhanced Mosaic from Spyglass
comes with is the Digest Authentication. Don't know if anyone has
tried it with the server, though. If eW3 uses it though, that's a test
to see if we implemented it right.

Brandon

--
Brandon Long (N9WUC) "I think, therefore, I am confused." -- RAW
Computer Engineering Run Linux '95. It's that Easy.
University of Illinois blong@uiuc.edu http://www.uiuc.edu/ph/www/blong
Don't worry, these aren't even my views.
Re: feature request (fwd)
> Since both Apache/htpasswd and login(1) use the same function to
> encrypt passwords, you'd think that you could just say:
>
> AuthUserFile /etc/passwd

It is evil to use the system passwords for the WWW, because
these passwords are sent in clear to whoever asks them.
Re: feature request (fwd)
> >
> > NCSA 1.5 and WN have it on the server end, and XMosaic 2.7 and emacs-W3
> > are the only clients as far as I know (no, wait, Spyglass too I think)

The final beta release of Windows Mosaic also has MD5 support.

Stanford S. Guillory
NCSA - University of Illinois
guillory@ncsa.uiuc.edu