Bug 25031

Summary:

www/apache: dbmmanage fails verifying md5 hashes

Product:

Ports & Packages

Reporter:

girgen <girgen>

Component:

Individual Port(s)

Assignee:

Andrey A. Chernov <ache>

Status:

Closed FIXED

Severity:

Affects Only Me

Priority:

Normal

Version:

Latest

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
file.diff	none

Description girgen 2001-02-12 08:50:00 UTC

Apache can now, and will by default, use md5 to hash passwords. The prefix used is
'apa', whereas FreeBSD traditionally has used $1$. If you have a password file
with $1$-prefixed md5-hashes, dbmmanage fails to recognize them as crypted.

How-To-Repeat: create a password using dbmmanage on a system *not* using DES for crypt(3) routines,
and with a somewhat elderly apache (1.3.3 should do, but I can't remeber where
the 'apa' prefix was introduced. This pasword hash will have  a $1$ prefix.

$ dbmmmanage pwfile verify user

will fail, since dbmmanage believes the password is plain text, not hashed.

Comment 1 Peter Wemm freebsd_committer

2001-02-19 19:48:09 UTC

Responsible Changed
From-To: gnats-admin->freebsd-ports

Misfiled

Comment 2 Steve Price freebsd_committer

2001-02-26 02:15:22 UTC

Responsible Changed
From-To: freebsd-ports->ache

Over to port's maintainer.

Comment 3 Andrey A. Chernov freebsd_committer

2003-06-02 20:12:59 UTC

State Changed
From-To: open->closed

Other fix committed