From 5dff2d61cc1c27747ee398e04d8e02843aabb1f8 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Tue, 7 May 2024 04:04:06 +0200 Subject: Adding upstream version 2.4.38. Signed-off-by: Daniel Baumann --- support/SHA1/README.sha1 | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 support/SHA1/README.sha1 (limited to 'support/SHA1/README.sha1') diff --git a/support/SHA1/README.sha1 b/support/SHA1/README.sha1 new file mode 100644 index 0000000..3998e1f --- /dev/null +++ b/support/SHA1/README.sha1 @@ -0,0 +1,34 @@ +This directory includes some utilities to allow Apache 1.3.6 to +recognize passwords in SHA1 format, as used by Netscape web servers. + +From Netscape's admin interface, export the password database to an +ldif file and then use convert.pl in this distribution to generate +apache style password files. + +Note: SHA1 support is useful for migration purposes, but is less + secure than Apache's password format, since Apache's (MD5) + password format uses a random eight character salt to generate + one of many possible hashes for the same password. Netscape + uses plain SHA1 without a salt, so the same password + will always generate the same hash, making it easier + to break since the search space is smaller. + +This code was contributed by Clinton Wong . + +README.sha1 + this file + +convert-sha1.pl + takes an ldif dump from Netscape's web server on + standard in, outputs apache htpasswd format on standard out. + + Usage: convert.pl < ldif > passwords + +htpasswd-sha1.pl + perl script to generate entries in apache htpasswd format. + + Usage: htpasswd-sha1.pl some_user some_password + +ldif-sha1.example + sample ldif dump with one sha1 password and one crypt password. + -- cgit v1.2.3