On Thu, 2012-01-05 at 03:26 +0100, Pascal Volk wrote: > On 01/05/2012 02:59 AM Noel Butler wrote: > > We use Crypt::PasswdMD5 - > > unix_md5_crypt() for all general password storage including mail/ftp > > etc, except for web, where we need to use apache_md5_crypt(). > > Huh, why do you need to store passwords in Apaches md5 crypt() format? >
Because with multiple servers, we store them all in (replicated) mysql :) (the same with postfix/dovecot). and as I'm sure you are aware, Apache does not understand standard crypted MD5, hence why there is the second option of apache_md5_crypt() > ,--[ Apache config ]-- > | AuthType Basic > | AuthName "bla …" > | AuthBasicProvider dbm > | AuthDBMUserFile /path/2/.htpasswd > | Require valid-user > | Order allow,deny > | Allow from 203.0.113.0/24 2001:db8::/32 > | Satisfy any > `--
<<attachment: face-smile.png>>
signature.asc
Description: This is a digitally signed message part
