You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/10/22 09:58:04 UTC
DO NOT REPLY [Bug 31847] New: -
Crypt difference between Solaris and Linux means htpasswd cannot be moved between OSs safely
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31847>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31847
Crypt difference between Solaris and Linux means htpasswd cannot be moved between OSs safely
Summary: Crypt difference between Solaris and Linux means
htpasswd cannot be moved between OSs safely
Product: Apache httpd-2.0
Version: 2.0-HEAD
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: Normal
Priority: Other
Component: mod_auth
AssignedTo: bugs@httpd.apache.org
ReportedBy: kombinat@hotmail.com
The output of htpasswd isn't consistent between Linux and Solaris, which means
that a htpasswd file cannot always be moved safely between the operating systems.
Here is an example:
The string: jrduwx
On Solaris 2.7, the following crypt was generated: _Tx1BwDcyMsVs
Checking that by calling crypt with _Tx1BwDcyMsVs as the salt produces:
_Tx1BwDcyMsVs
However, on Linux 2.6.8-1.521smp on i686, calling crypt with _Tx1BwDcyMsVs as
the salt produces: _TQmBm2dVTuRs
Reason I'm reporting it under Apache is that Apache 2 appears to be relying on
the OS native crypt library. If reliability of the crypt is important between
OSes, either the dependency should be re-examined or one of the OSes should fix
up their implementation of crypt, whoever got it wrong.
Cheers,
kombinat
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org