Error pages/Web Authentication

tsaavik nginx-forum at nginx.us
Thu Jul 7 19:14:27 MSD 2011


Maxim Dounin Wrote:
-------------------------------------------------------
> 1. Does Nginx support SHA encryption for the basic web
authentication?
> When I use -s switch with htpasswd command I can't log in...

I ran into this issue just the other day with htpasswd -s. I noticed
that if I modified the output of htpasswd from {SHA} to {SSHA} I was
able to use the generated password with nginx 1.0.4.

I wonder if it is feasible to add the following to ngx_crypt.c to be
more compatible with the output of htpasswd? Please note, I'm no
cryptologist and barely a programmer, but I do sleep in Holiday Inns.

--- ngx_crypt.c.orig	2011-07-07 08:10:36.814068671 -0700
+++ ngx_crypt.c	2011-07-07 08:11:26.670068063 -0700
@@ -42,6 +42,8 @@
 #if (NGX_HAVE_SHA1)
     } else if (ngx_strncmp(salt, "{SSHA}", sizeof("{SSHA}") - 1) == 0)
{
         return ngx_crypt_ssha(pool, key, salt, encrypted);
+    } else if (ngx_strncmp(salt, "{SHA}", sizeof("{SHA}") - 1) == 0) {
+        return ngx_crypt_ssha(pool, key, salt, encrypted);
 #endif
     }


45,46d44
<     } else if (ngx_strncmp(salt, "{SHA}", sizeof("{SHA}") - 1) == 0)
{
<         return ngx_crypt_ssha(pool, key, salt, encrypted);

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,205299,212005#msg-212005




More information about the nginx mailing list