On Thu, 2012-01-05 at 03:26 +0100, Pascal Volk wrote:
On 01/05/2012 02:59 AM Noel Butler wrote:
We use Crypt::PasswdMD5 - unix_md5_crypt() for all general password storage including mail/ftp etc, except for web, where we need to use apache_md5_crypt().
Huh, why do you need to store passwords in Apaches md5 crypt() format?
Because with multiple servers, we store them all in (replicated) mysql :) (the same with postfix/dovecot). and as I'm sure you are aware, Apache does not understand standard crypted MD5, hence why there is the second option of apache_md5_crypt()
,--[ Apache config ]-- | AuthType Basic | AuthName "bla …" | AuthBasicProvider dbm | AuthDBMUserFile /path/2/.htpasswd | Require valid-user | Order allow,deny | Allow from 203.0.113.0/24 2001:db8::/32 | Satisfy any `--
