[BusyBox] Feature proposition - httpd authentication
Michael Sternberg
mishka at sdf.lonestar.org
Tue Jul 15 08:08:43 UTC 2003
Hello
Right now BusyBox httpd support basic authentication
only, i.e. it checks dir:login:password written as
clear text in /etc/httpd.conf file.
How about adding authentication against /etc/passwd ?
For example if the password field is omitted in
/etc/httpd.conf, httpd will perform something like this:
char salt[4] = {'\0'};
char *pass_enc;
struct passwd* pass = getpwnam(login_str);
salt[0]=pass->pw_passwd[0];
salt[1]=pass->pw_passwd[1];
pass_enc=crypt(pass, salt);
if (memcpy(pass->pw_password, pass_enc, 13) != 0)
...
Or better yet - to add some password checking function
to libbb/correct_password.c and differentiate between
old-style passwords and shadow passwords ?
Michael
More information about the busybox
mailing list