
Item9164: The crypt-md5 encoding in HtPasswd.pm is not cross-platform compatible

Priority: Normal
Current State: Closed
Released In: 1.1.4
Target Release: patch
Applies To: Engine
Component: FoswikiUsers, HtPasswdUser
Branches:
Reported By: SvenDowideit
Waiting For:
Last Change By: GeorgeClark
it fails on osx, it looks like it fails on strawberry perl, and quite honestly, the fact it uses crypt, and not md5, makes me wonder.

but... we can't just change it, as that would invalidate any users with passwords.

not a 1.1 issue

-- SvenDowideit - 16 Jun 2010

OK, then class it as an enhancement and don't leave it in "New" state, please! That just drags someone else into having to triage it (in this case, me)

-- CrawfordCurrie - 24 Jun 2010

Digging a bit more into this, it is highly unlikely to work on Windows as currently implemented. The glibc2 version of crypt allows magic to be passed to crypt to cause it to use alternate encoding methods. $1$saltsalt$hash ... triggers MD5 encoding.

The solution is to use Crypt::PasswdMD5::unix_md5_crypt() which does generate a compatible MD5 hash and is available on Strawberry Perl on Windows. This appears to be safe, and probably resolves the OS X issue as well. By using Crypt::PasswdMD5, the unit tests on Windows all pass. And a quick offline test verifies that crypt and Crypt::PasswdMD5 generate the same results.

Changing this back to a bug from an enhancement. Fix is simple, and our use of crypt is not cross-platform.

-- GeorgeClark - 24 Jul 2011
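
The comparison described in the comment above, as an added example that is not Foswiki's own code: it checks whether the platform crypt() honours the $1$ magic and verifies a stored entry through Crypt::PasswdMD5 only. It assumes Crypt::PasswdMD5 is installed; the password, the salt and the helper names looks_like_md5_crypt and check_password are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::PasswdMD5 qw(unix_md5_crypt);

# Constructed sample values, not taken from any real .htpasswd file.
my $password = 'correct horse';
my $salt     = 'saltsalt';

# Portable path: pure-Perl MD5-crypt, independent of the C library.
my $portable = unix_md5_crypt( $password, $salt );

# Native path: only yields MD5-crypt where crypt() honours the "$1$" magic.
# Elsewhere it may die, return nothing, or fall back to another scheme,
# so the call is wrapped in eval and the result is shape-checked below.
my $native = eval { crypt( $password, '$1$' . $salt . '$' ) };
$native = '' unless defined $native;

# True when the string has the $1$<salt>$<22-char digest> layout.
sub looks_like_md5_crypt {
    my ($hash) = @_;
    return $hash =~ m{\A\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}\z} ? 1 : 0;
}

# Verify a candidate password against a stored entry without ever
# calling the platform crypt() (hypothetical helper).
sub check_password {
    my ( $candidate, $stored ) = @_;
    return 0 unless looks_like_md5_crypt($stored);
    my $stored_salt = ( split /\$/, $stored )[2];
    return unix_md5_crypt( $candidate, $stored_salt ) eq $stored ? 1 : 0;
}

printf "portable: %s\n", $portable;
printf "native:   %s\n", $native eq '' ? '(crypt returned nothing)' : $native;

if ( !looks_like_md5_crypt($native) ) {
    print "native crypt() does not honour the \$1\$ magic on this platform\n";
}
elsif ( $native ne $portable ) {
    print "native and portable results differ\n";
}
else {
    print "native and portable results agree\n";
}

print "correct password accepted\n" if check_password( $password, $portable );
print "wrong password rejected\n" unless check_password( 'wrong', $portable );
```

On a glibc system both lines should show the same hash; on a platform whose crypt() lacks the extension, only the Crypt::PasswdMD5 result has the $1$ layout.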
 
Topic revision: r16 - 17 Dec 2011, GeorgeClark