Post a Reply
2948 views

Support user_htpasswd= hash

  1. 11 years ago

    abelbeck

    15 Jul 2013

    Hi,

    In AstLinux we have an administration web interface with an exiting .htpasswd file for basic auth using lighttpd.

    It would very nice if fop2.cfg could support htpasswd style hashes, possibly something like:
    --
    user_htpasswd = admin:X5fzxhp46gqCa:all
    user_htpasswd = 1234:Xa7O93k.uQlGz:dial,transfer,pickup,meetme
    --
    (or some clever way to still use user= and signal a htpasswd hash)

    In this way, we could easily generate the users with a #exec script.

    Reasonable ?

    Lonnie

  2. admin

    17 Jul 2013 Administrator

    There is no clever way right now to use hashed passwords. I do not remember the details, but it is not something simple to implement right now. FOP2 already uses/receives md5 hashed (and salted) passwords on the "wire", the salt changes on each action/request. So the hash sent via the string changes *every* time. .htpasswd can have different hashing algorithms specified so it is not something trivial at all to do.

    Best regards,

or Sign Up to reply!