Maxim Dounin Wrote:
-------------------------------------------------------
> 1. Does Nginx support SHA encryption for the basic web authentication?
> When I use -s switch with htpasswd command I can't log in...
I ran into this issue just the other day with htpasswd -s. I noticed that if I modified the output of htpasswd from {SHA} to {SSHA} I was able to use the generated password with nginx 1.0.4.
I wonder if it is feasible to add the following to ngx_crypt.c to be more compatible with the output of htpasswd? Please note, I'm no cryptologist and barely a programmer, but I do sleep in Holiday Inns.
--- ngx_crypt.c.orig 2011-07-07 08:10:36.814068671 -0700
+++ ngx_crypt.c 2011-07-07 08:11:26.670068063 -0700
@@ -42,6 +42,8 @@
#if (NGX_HAVE_SHA1)
} else if (ngx_strncmp(salt, "{SSHA}", sizeof("{SSHA}") - 1) == 0) {
return ngx_crypt_ssha(pool, key, salt, encrypted);
+ } else if (ngx_strncmp(salt, "{SHA}", sizeof("{SHA}") - 1) == 0) {
+ return ngx_crypt_ssha(pool, key, salt, encrypted);
#endif
}
45,46d44
< } else if (ngx_strncmp(salt, "{SHA}", sizeof("{SHA}") - 1) == 0) {
< return ngx_crypt_ssha(pool, key, salt, encrypted);