| This directory includes some utilities to allow Apache 1.3.6 to |
| recognize passwords in SHA1 format, as used by Netscape web servers. |
| |
| From Netscape's admin interface, export the password database to an |
| ldif file and then use convert.pl in this distribution to generate |
| apache style password files. |
| |
| Note: SHA1 support is useful for migration purposes, but is less |
| secure than Apache's password format, since Apache's (MD5) |
| password format uses a random eight character salt to generate |
| one of many possible hashes for the same password. Netscape |
| uses plain SHA1 without a salt, so the same password |
| will always generate the same hash, making it easier |
| to break since the search space is smaller. |
| |
| This code was contributed by Clinton Wong <clintdw@netcom.com>. |
| |
| README.sha1 |
| this file |
| |
| convert-sha1.pl |
| takes an ldif dump from Netscape's web server on |
| standard in, outputs apache htpasswd format on standard out. |
| |
| Usage: convert.pl < ldif > passwords |
| |
| htpasswd-sha1.pl |
| perl script to generate entries in apache htpasswd format. |
| |
| Usage: htpasswd-sha1.pl some_user some_password |
| |
| ldif-sha1.example |
| sample ldif dump with one sha1 password and one crypt password. |
| |