Re: htaccess through perl without apache

You don't have to put htaccess directives in the httpd.conf, you can also put them in a .htaccess file in the directory you want to protect, which does not require restarting apache. Perl can generate the encrypted passwords using the crypt() function (perldoc -f crypt).

We're not surrounded, we're in a target-rich environment!

Comment on Re: htaccess through perl without apache

Replies are listed 'Best First'.
Re: Re: htaccess through perl without apache by true (Pilgrim) on Mar 27, 2003 at 00:54 UTC
Thanks for comments. What salt should i throw at crypt to mimic the htaccess crypt? i'm trying to write a htpasswd file in perl. if the password is birthday. I want to generate the .htpasswd file. so in perl i could say. `#!/usr/bin/perl use strict; my $passw = "birthday"; print crypt($passw,"SALT");` [download] But the output doesn't match the shadow password file. I thought these needed to match. Here's my .htaccess file if it helps. `AuthName "Clients/jtrue" AuthType Basic AuthUserFile /home/latitude38productions/.htpasswd Require valid-user` [download] thanks for reading.	[reply] [d/l] [select]
Re: Re: Re: htaccess through perl without apache by jsprat (Curate) on Mar 27, 2003 at 01:16 UTC
From perldoc -f crypt: `When verifying an existing encrypted string you should use the encrypted text as the salt (like "crypt($plain, $crypted) eq $crypted"). This allows your code to work with the standard "crypt" and with more exotic implementations.` [download] Works perfectly with htpasswd. Update: Or you could try Apache::Htpasswd. `$foo = new Apache::Htpasswd({passwdFile => "path-to-file", ReadOnly => 1} ); # Check that a password is correct $pwdFile->htCheckPassword("zog", "password");` [download]	[reply] [d/l] [select]