Bug 25031 - www/apache: dbmmanage fails verifying md5 hashes
Summary: www/apache: dbmmanage fails verifying md5 hashes
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Andrey A. Chernov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2001-02-12 08:50 UTC by girgen
Modified: 2003-06-02 20:13 UTC (History)
0 users

See Also:


Attachments
file.diff (477 bytes, patch)
2001-02-12 08:50 UTC, girgen
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description girgen 2001-02-12 08:50:00 UTC
Apache can now, and will by default, use md5 to hash passwords. The prefix used is
'apa', whereas FreeBSD traditionally has used $1$. If you have a password file
with $1$-prefixed md5-hashes, dbmmanage fails to recognize them as crypted.

How-To-Repeat: create a password using dbmmanage on a system *not* using DES for crypt(3) routines,
and with a somewhat elderly apache (1.3.3 should do, but I can't remeber where
the 'apa' prefix was introduced. This pasword hash will have  a $1$ prefix.

$ dbmmmanage pwfile verify user

will fail, since dbmmanage believes the password is plain text, not hashed.
Comment 1 Peter Wemm freebsd_committer freebsd_triage 2001-02-19 19:48:09 UTC
Responsible Changed
From-To: gnats-admin->freebsd-ports

Misfiled
Comment 2 Steve Price freebsd_committer 2001-02-26 02:15:22 UTC
Responsible Changed
From-To: freebsd-ports->ache

Over to port's maintainer.
Comment 3 Andrey A. Chernov freebsd_committer 2003-06-02 20:12:59 UTC
State Changed
From-To: open->closed

Other fix committed