Hello! On Thu, Jun 22, 2017 at 06:26:50PM -0400, Dwight Marzolf wrote:
> We have an installation of nginx 1.10.3 in which we are using an htpasswd > file that contains bcrypt encyrpted passwords. This is a file that is used > by multiple apps that require authentication. Everything I am reading > online says that nginx does not support bcrypt passwords. The other apps > using this file have no problem with bcrypt. So, a questions. First, is > there a newer version of nginx that does support bcrypt? If not, is there > some workaround that will let us somehow use our bcrypt passwords with > nginx? I'm trying to avoid having either a separate htpasswd file for > nginx or lowering the encryption for all our apps to something that nginx > supports. In nginx there is no native support for bcrypt passwords as produced by Apache's htpasswd. On the other hand, nginx can use all password schemes supported by crypt(3) on your OS. Many operating systems do support bcrypt-encrypted passwords in crypt(3), and if Apache's variant is not different from other implementations, it would be enough to change the prefix in the password hashes from Apache-specific $2y$ to the one supported by your OS. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
