README.sha1
1This directory includes some utilities to allow Apache 1.3.6 to
2recognize passwords in SHA1 format, as used by Netscape web servers.
3
4From Netscape's admin interface, export the password database to an
5ldif file and then use convert.pl in this distribution to generate
6apache style password files.
7
8Note: SHA1 support is useful for migration purposes, but is less
9 secure than Apache's password format, since Apache's (MD5)
10 password format uses a random eight character salt to generate
11 one of many possible hashes for the same password. Netscape
12 uses plain SHA1 without a salt, so the same password
13 will always generate the same hash, making it easier
14 to break since the search space is smaller.
15
16This code was contributed by Clinton Wong <clintdw@netcom.com>.
17
18README.sha1
19 this file
20
21convert-sha1.pl
22 takes an ldif dump from Netscape's web server on
23 standard in, outputs apache htpasswd format on standard out.
24
25 Usage: convert.pl < ldif > passwords
26
27htpasswd-sha1.pl
28 perl script to generate entries in apache htpasswd format.
29
30 Usage: htpasswd-sha1.pl some_user some_password
31
32ldif-sha1.example
33 sample ldif dump with one sha1 password and one crypt password.
34
35