#883 closed defect (fixed)
Write htpasswd "crypt" passwords when possible
Reported by: | Owned by: | Matt Good | |
---|---|---|---|
Priority: | normal | Component: | AccountManagerPlugin |
Severity: | major | Keywords: | |
Cc: | e@… | Trac Release: | 0.10 |
Description
I moved my existing Trac 0.10 installation to another server and reinstalled all the plugins. The old server crashed so I'm not sure which version of AccountManagerPlugin I had installed. Now I'm using Trac 0.10, r1502 of AccountManagerPlugin and HtPasswdStore for password storage. After the installation I was not able to log in anymore.
Investigating a bit more, I tried to change the password with Apache htpasswd. I tried MD5 (-m) and it did not work, I tried SHA (-s) and then it worked. Next, I tried to change my password using the "My Account" form, and my SHA password got overwritten with an MD5 one. Logged out, tried to log back in, voila, it didn't work. Okay, I created it again using SHA, and it worked again.
When I set my password using Apache htpasswd -m, it looks like this:
$apr1$kHY7q...$8a93cOYhvM8paFbnYSH5Y0
but if I log in (of course using a SHA password) and change the password to the same passphrase as above (though they're supposed to be the same), it looks like this:
$apr1$ECzYt0..$ur3.hBA.Pa6.799.H2gQc/
For the record, passphrase is "test". I guess the md5 implementation is somehow incompatible or broken, or it's me doing something extremely stupid.
Can you help, please? -- Enver
Change History (3)
comment:1 Changed 18 years ago by
Status: | new → assigned |
---|---|
Summary: | MD5 password encryption incompatible with Apache htpasswd in 0.10 branch → Write htpasswd "crypt" passwords when possible |
comment:2 Changed 18 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:3 Changed 18 years ago by
Thanks a lot for your help, I tried the patch and it fixed the problem for me.
No, the md5 implementation is equivalent. The htpasswd format uses a random "salt" value which is generated when you create a new password, so the hashes will never be the same, even if you use the same password.
However, it seems that Apache will only authenticate with md5 passwords on Windows. I'll look at supporting writing "crypt" passwords for writing when possible.