cdguitar01 has asked for the wisdom of the Perl Monks concerning the following question:

Hi reader, the name's Chris. Anyways, I'm having a little trouble with my/a Perl script I'm trying to use to update a password list created with the Apache 2.0.43 Win32 HTTP Server.

---When I use the htpasswd.exe program provided with the server to add user/password pairs to the .htpasswd file I get entries such as:
    chris:$apr1$404.....$FA0t857O4G8WQI/Z2oKi./
    username:$apr1$no5.....$pgT9lKz99lQkfMSxiWPRn/
htpasswd says it uses MD5 encoding. But whatever it uses, the passwords validate correctly when the browser checks them.

---The problem arises when the Perl script makes entries. The script makes additions and deletions properly, but it writes them in an encoding that, even though it should be, isn't the same as the MD5 that htpasswd.exe uses. It adds entries such as:
     -- with Digest::MD5->md5, it makes entries like: user:xâ9·èZ9M.„cy×Þ:
     -- with Digest::MD5->md5_hex, it makes entries like: user:03911647a3b0d004fe91206255d0bb50:
     -- with Digest::MD5->md5_base64, it makes entries like: user:eB/iObfoWjlNLoQXY3nX3g

None of which validates at all. I'm not used to Perl enough yet to go any farther than I've already gone. My knowledge of Java isn't helping in the least, but I know there are a few brains worth admiration here at Perl Monks, so.

I hope I gave enough information without turning you away from reading everything. If you'd like to take a look at the entire script, Click Here
Thanking everyone in advance,

    Chris DeGrace - cdguitar01@hotmail.com

Replies are listed 'Best First'.
Re: MD5 and my Win32 Apache
by tachyon (Chancellor) on Jan 01, 2003 at 05:16 UTC

    Just do a system call or use backticks to call htpasswd.exe and save yourself the grief...

    `$HTPASSWD_BIN -b $HTPASSWD_FILE $user "$pwd"`;

    Where $HTPASSWD_BIN is the full path to htpasswd.exe and $HTPASSWD_FILE is the full path to the .htpasswd file.

    If you want to see why what you are trying to do will not work properly read this (from the docs for Win32):

    htpasswd encrypts passwords using either a version of MD5 modified for Apache, or the system's crypt() routine. Files managed by htpasswd may contain both types of passwords; some user records may have MD5-encrypted passwords while others in the same file may have passwords encrypted with crypt().

    And then read htpasswd.c which you will find in your distro if you do a search. The MD5 hashing is modified as you can see. You may be able to use crypt() to do what you want if you don't want to go the system call route for some reason.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      Thanks tachyon, I'm going to go and see if I'm advanced enough yet to make your solution work. I don't see why it wouldn't so, thanks.

      Chris DeGrace
      cdguitar01
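
Added example, not part of the thread and not the poster's script: a Perl sketch of the Apache-modified MD5 ("apr1") scheme that the quoted docs refer to, using only the core Digest::MD5 module. It shows why a single md5, md5_hex or md5_base64 call cannot produce a matching `$apr1$` entry: the real value is salted, iterated 1000 times and written in a crypt-style base64 alphabet. The function names, password and salt are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

my $ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
# crypt-style base64: emits the low 6 bits first, unlike MIME base64.
sub to64 {
    my ($v, $n, $out) = (@_, '');
    while ($n-- > 0) { $out .= substr($ITOA64, $v & 0x3f, 1); $v >>= 6 }
    return $out;
}

# Apache "apr1" MD5: salted, 1000 rounds, custom output encoding.
sub apr1_hash {
    my ($pw, $salt) = ($_[0], substr($_[1], 0, 8));   # salt is at most 8 chars
    my $alt = md5($pw . $salt . $pw);
    my $buf = $pw . '$apr1$' . $salt;
    for (my $n = length $pw; $n > 0; $n -= 16) {
        $buf .= substr($alt, 0, $n > 16 ? 16 : $n);
    }
    for (my $i = length $pw; $i; $i >>= 1) {
        $buf .= ($i & 1) ? "\0" : substr($pw, 0, 1);
    }
    my $final = md5($buf);
    for my $i (0 .. 999) {                            # the stretching rounds
        my $r = ($i & 1) ? $pw : $final;
        $r .= $salt if $i % 3;
        $r .= $pw   if $i % 7;
        $r .= ($i & 1) ? $final : $pw;
        $final = md5($r);
    }
    my @b = unpack 'C16', $final;
    my $enc = '';
    for my $t ([0, 6, 12], [1, 7, 13], [2, 8, 14], [3, 9, 15], [4, 10, 5]) {
        $enc .= to64(($b[$t->[0]] << 16) | ($b[$t->[1]] << 8) | $b[$t->[2]], 4);
    }
    $enc .= to64($b[11], 2);
    return '$apr1$' . $salt . '$' . $enc;
}

# Verify by re-hashing with the salt taken from the stored entry.
sub apr1_verify {
    my ($pw, $stored) = @_;
    my ($salt) = $stored =~ /^\$apr1\$([^\$]{1,8})\$/ or return 0;
    return apr1_hash($pw, $salt) eq $stored;
}

my $entry = apr1_hash('example-password', 'Zx3kQ9ab');   # constructed password and salt
print "user:$entry\n", apr1_verify('example-password', $entry) ? "match\n" : "no match\n";
```

When writing real entries, draw the 8-character salt per user from a cryptographic random source rather than a fixed string.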