F.A.Q. typo and man page typo

Cristian Gilè
20 September 2008, 11:27
I think there is a typo in the general faq section at question number four.

The format of the passwordfile for Basic HTTP authentication should be
<username>:<plain-text password>[:user defined fields: ...]

and the format of the passwordfile for Digest HTTP authentication should be:
<username>:<password encrypted with the crypt(3) function>[:user defined fields: ...]

The same typo is also present in man page.

And so, in the httpd.conf the "basic" keyword should be replaced with the keyword "digest" and viceversa.


Hugo Leisink
22 September 2008, 15:51
The manpage and the FAQ are correct. Why do you think those lines need to be switched??
Cristian Gilè
22 September 2008, 18:05
I thought that digest authentication is intended to supersede unencrypted use of the basic access authentication, allowing user identity to be established securely without having to send a password in plaintext over the network.
Hugo Leisink
23 September 2008, 01:43
Digest HTTP authentication does indeed send passwords encrypted, but that has nothing to do with how those passwords are stored on disk. The algoritm requires a plain password, instead of a hashed one. That's why the are stored on disk unencrypted. Search wikipedia for those two authentication methods for more detailed information.
This topic has been closed.