[BusyBox] Feature proposition - httpd authentication

Michael Sternberg mishka at sdf.lonestar.org
Tue Jul 15 08:08:43 UTC 2003


Hello

Right now BusyBox httpd support basic authentication
only, i.e. it checks dir:login:password written as
clear text in /etc/httpd.conf file.

How about adding authentication against /etc/passwd ?
For example if the password field is omitted in
/etc/httpd.conf, httpd will perform something like this:

char salt[4] = {'\0'};
char *pass_enc;
struct passwd* pass = getpwnam(login_str);

salt[0]=pass->pw_passwd[0];
salt[1]=pass->pw_passwd[1];
pass_enc=crypt(pass, salt);
if (memcpy(pass->pw_password, pass_enc, 13) != 0)
   ...

Or better yet - to add some password checking function
to libbb/correct_password.c and differentiate between
old-style passwords and shadow passwords ?

			Michael




More information about the busybox mailing list