add htpasswd2 as a method for creating new users

[p_ansell@…]

Its great that I can use a htpasswd2 format file for authentication, but is it possible to implement a feature which allows me to create new accounts on it as well. Currently I am registering all of my users manually which is a bit of a pain.

This would be an improvement over the read-only support that is references in ticket #599

[Matt Good]

Account creation has been supported from the beginning. Initially via registration, and now there's also an admin page.

[p_ansell@…]

What are the settings I need to use in order to get trac to generate valid htpasswd2 entries? You only referred to generic account creation in your "worksforme" "solution"

I am currently using the following in my trac.ini:

[account-manager] generated_password_length = 8 hash_method = HtPasswdHashMethod password_file = /var/lib/trac/svn/svnusers password_store = HtPasswdStore

When I register an account it adds a line to the bottom of the file, but it is not in htpasswd2 format. That is what my question was directed to, not generic account creation. The desired format is the first one, with the second being generated after a registration with this plugin.

validhtpasswd2user:$apr1$Rth1C/..$YZ7.0ZrJfUNmbFaCCuSuX0 tester:IJpZjm73rolhk

[Matt Good]

Replying to p_ansell@yahoo.com:

When I register an account it adds a line to the bottom of the file, but it is not in htpasswd2 format. That is what my question was directed to, not generic account creation. The desired format is the first one, with the second being generated after a registration with this plugin.

validhtpasswd2user:$apr1$Rth1C/..$YZ7.0ZrJfUNmbFaCCuSuX0
tester:IJpZjm73rolhk

Both of those are valid htpasswd entries. The first is in the MD5 format and the second is CRYPT, which is the default on all platforms besides Windows which doesn't support it.

From the htpasswd usage output:

 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.

This plugin follows the htpasswd defaults and generates MD5 hashes on Windows and CRYPT hashes everywhere else. It will read existing hashes in MD5, CRYPT and SHA.

[Dan Bucatanschi]

Hi!

I am sorry if I am annoying anyone by reopening this ticket, but I believe it is an important enhancement (if not bug) that needs to be taken care of.

The reason for my statement above is that it seems that if the method for computing the hashes is CRYPT, then the password is truncated to 8 characters in length. Basically I cannot have a secure public server on the Internet (or at least people's accounts are not as secure as they could be). However, if I have an MD5 generated hash, then the password is not truncated to 8 characters (I'm sure there is a limit but it's much higher).

I hope someone will write a patch, which will allow the configuration of the way the hashes are generated, with the possibility of specifying an MD5 hash.

Thanks, -Dan

[Steffen Hoffmann]

Replying to dangb:

![...] I hope someone will write a patch, which will allow the configuration of the way the hashes are generated, with the possibility of specifying an MD5 hash.

After a long time this could finally come true now.

I'm testing a patch for ticket #2282, that developed towards a similar goal, effectively becoming a duplicate of this one, but already got further towards a solution in the comment trail. So let's stick to (the other) one ticket for tracking this enhancement.