summaryrefslogtreecommitdiffstats
path: root/support/SHA1/README.sha1
blob: 3998e1fdd91ef2a6fb42d015e8a4b51454c0e302 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
This directory includes some utilities to allow Apache 1.3.6 to 
recognize passwords in SHA1 format, as used by Netscape web servers.  

From Netscape's admin interface, export the password database to an 
ldif file and then use convert.pl in this distribution to generate 
apache style password files.  

Note: SHA1 support is useful for migration purposes, but is less
      secure than Apache's password format, since Apache's (MD5)
      password format uses a random eight character salt to generate
      one of many possible hashes for the same password.  Netscape
      uses plain SHA1 without a salt, so the same password
      will always generate the same hash, making it easier
      to break since the search space is smaller.

This code was contributed by Clinton Wong <clintdw@netcom.com>.

README.sha1 
	this file

convert-sha1.pl 
	takes an ldif dump from Netscape's web server on
        standard in, outputs apache htpasswd format on standard out.

        Usage: convert.pl < ldif > passwords

htpasswd-sha1.pl
	perl script to generate entries in apache htpasswd format.

       	Usage: htpasswd-sha1.pl some_user some_password

ldif-sha1.example
	sample ldif dump with one sha1 password and one crypt password.