1 files changed, 34 insertions, 0 deletions

diff --git a/support/SHA1/README.sha1 b/support/SHA1/README.sha1
new file mode 100644
index 0000000..3998e1f
--- /dev/null
+++ b/support/SHA1/README.sha1
@@ -0,0 +1,34 @@
+This directory includes some utilities to allow Apache 1.3.6 to 
+recognize passwords in SHA1 format, as used by Netscape web servers.  
+
+From Netscape's admin interface, export the password database to an 
+ldif file and then use convert.pl in this distribution to generate 
+apache style password files.  
+
+Note: SHA1 support is useful for migration purposes, but is less
+      secure than Apache's password format, since Apache's (MD5)
+      password format uses a random eight character salt to generate
+      one of many possible hashes for the same password.  Netscape
+      uses plain SHA1 without a salt, so the same password
+      will always generate the same hash, making it easier
+      to break since the search space is smaller.
+
+This code was contributed by Clinton Wong <clintdw@netcom.com>.
+
+README.sha1 
+	this file
+
+convert-sha1.pl 
+	takes an ldif dump from Netscape's web server on
+        standard in, outputs apache htpasswd format on standard out.
+
+        Usage: convert.pl < ldif > passwords
+
+htpasswd-sha1.pl
+	perl script to generate entries in apache htpasswd format.
+
+       	Usage: htpasswd-sha1.pl some_user some_password
+
+ldif-sha1.example
+	sample ldif dump with one sha1 password and one crypt password.
+