This directory includes some utilities to allow Apache 1.3.6 to
recognize passwords in SHA1 format, as used by Netscape web servers.
From Netscape's admin interface, export the password database to an
ldif file and then use convert.pl in this distribution to generate
apache style password files.
Note: SHA1 support is useful for migration purposes, but is less
secure than Apache's password format, since Apache's (MD5)
password format uses a random eight character salt to generate
one of many possible hashes for the same password. Netscape
uses plain SHA1 without a salt, so the same password
will always generate the same hash, making it easier
to break since the search space is smaller.
This code was contributed by Clinton Wong <clintdw@netcom.com>.
README.sha1
this file
convert-sha1.pl
takes an ldif dump from Netscape's web server on
standard in, outputs apache htpasswd format on standard out.
Usage: convert.pl < ldif > passwords
htpasswd-sha1.pl
perl script to generate entries in apache htpasswd format.
Usage: htpasswd-sha1.pl some_user some_password
ldif-sha1.example
sample ldif dump with one sha1 password and one crypt password.