[PATCH] Mention GNU/Linux's crypt() function
Shawn Landden
shawn at git.icu
Mon Jul 2 09:40:03 UTC 2018
which supports the only secure hash functions available with this module
---
xml/en/docs/http/ngx_http_auth_basic_module.xml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/xml/en/docs/http/ngx_http_auth_basic_module.xml b/xml/en/docs/http/ngx_http_auth_basic_module.xml
index e68a0f3b..54667305 100644
--- a/xml/en/docs/http/ngx_http_auth_basic_module.xml
+++ b/xml/en/docs/http/ngx_http_auth_basic_module.xml
@@ -96,7 +96,10 @@ The following password types are supported:
<listitem>
encrypted with the <c-func>crypt</c-func> function; can be generated using
the “<command>htpasswd</command>” utility from the Apache HTTP Server
-distribution or the “<command>openssl passwd</command>” command;
+distribution or the “<command>openssl passwd</command>” command; On GNU/Linux
+<c-func>crypt</c-func> supports the better hash function of SHA-512, identified by
+<literal>$6$</literal> in <literal>/etc/shadow</literal> (see the <c-func>crypt</c-func> man page). Unfortunately there is no
+utility for non-root users to produce these better-hashed passwords.
</listitem>
<listitem>
--
2.17.1
More information about the nginx-devel
mailing list