Issue 87 in svnbook: mention 'htdigest' tool when mentioning digest auth
svnbook at googlecode.com
svnbook at googlecode.com
Mon Jan 3 19:20:21 CST 2011
Comment #3 on issue 87 by quinntay... at mac.com: mention 'htdigest' tool when
mentioning digest auth
http://code.google.com/p/svnbook/issues/detail?id=87
I just ran into this same problem. No, 'htpasswd -m' uses MD5 encryption
for passwords, but htdigest creates a different format of file. For one
thing, it has the additional concept of a "realm".
http://httpd.apache.org/docs/2.2/programs/htdigest.html
http://httpd.apache.org/docs/2.2/programs/htpasswd.html
Perhaps one reason for the wrong assumption is that Apache digest
authentication uses MD5 as the algorithm for the challenge and response
hashes, whereas the -m for htpasswd specifies how the password is stored.
(Similarly, 'htpasswd -s' specifies SHA rather than MD5.)
Updating the svnbook documentationto reflect this would be a nice step
towards helping people use something more secure than Apache's basic
authentication. I'd be happy to provide a patch with an example if needed.
More information about the svnbook-dev
mailing list