Maxim Dounin mdounin at mdounin.ru
Fri Jun 23 13:00:06 UTC 2017


On Thu, Jun 22, 2017 at 06:26:50PM -0400, Dwight Marzolf wrote:

> We have an installation of nginx 1.10.3 in which we are using an htpasswd
> file that contains bcrypt encyrpted passwords.  This is a file that is used
> by multiple apps that require authentication.  Everything I am reading
> online says that nginx does not support bcrypt passwords.  The other apps
> using this file have no problem with bcrypt.  So, a questions.  First, is
> there a newer version of nginx that does support bcrypt?  If not, is there
> some workaround that will let us somehow use our bcrypt passwords with
> nginx?  I'm trying to avoid having either a separate htpasswd file for
> nginx or lowering the encryption for all our apps to something that nginx
> supports.

In nginx there is no native support for bcrypt passwords as 
produced by Apache's htpasswd.  On the other hand, nginx can use 
all password schemes supported by crypt(3) on your OS.  Many 
operating systems do support bcrypt-encrypted passwords in 
crypt(3), and if Apache's variant is not different from other 
implementations, it would be enough to change the prefix in the 
password hashes from Apache-specific $2y$ to the one supported by 
your OS.

Maxim Dounin

More information about the nginx mailing list