Apache crypt to SHA or standard Unix crypt

[Behdad Esfahbod]

On Wed, 12 Oct 2005, Leah Cunningham wrote:

> I have a strange problem that I am hoping for comments on.  I am trying
> to migrate a bunch of Apache users from a htpasswd file over to LDAP
> accounts.  I have a script that will do what I want for me, however,
> what I have been discovering is that the crypt that is used for Apache
> password files is specific and appears to not be 100% compatible with
> standard unix crypted passwords.  I am therefore trying to find a clean
> way to somehow convert a bunch of Apache crypted passwords to standard
> Unix crypt format, or even MD5 or SHA.
>
> Any clue where I would start?  Doing a crypt like this works fine for
> LDAP in perl:
>
>  my($cpass) = crypt "$pass",(join '', ('.', '/', 0..9,
> 'A'..'Z','a'..'z')[rand 64, rand 64]);


Hi Leah,

Can you give us examples maybe?   From my experiments, the crypt
is the same:

[behdad at home ~]$ htpasswd -c -b htpasswd behdad testPass
Adding password for user behdad
[behdad at home ~]$ cat htpasswd
behdad:tjwWZenZA50Fs
[behdad at home ~]$ perl -e 'print crypt("testPass", "tj")'
tjwWZenZA50Fs
[behdad at home ~]$

but the MD5 format is different:

[behdad at home ~]$ htpasswd -c -m -b htpasswd behdad testPass
Adding password for user behdad
[behdad at home ~]$ cat htpasswd
behdad:$apr1$uP4iP...$05P2T5MH8yXH7qJEQwezV.


where in Unix passwd files, the initial $apr1$ is simply $1$.  If
you simply remove the "apr", no, it doesn't work.  You may find
this recent blog entry helpful:

  http://blogs.sun.com/roller/page/alvaro?entry=md5_and_apache_magic_string



--behdad
http://behdad.org/

"Commandment Three says Do Not Kill, Amendment Two says Blood Will Spill"
	-- Dan Bern, "New American Language"
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml