From: Vincent Bray <noodl@apache.org>
Date: Sat, 8 Sep 2007 14:25:32 +0000 (+0000)
Subject: Sync with changes to wiki version of password formats document. Add to /misc/ index.
X-Git-Tag: 2.3.0~1447
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1ecea166783ea1f560157f32cadc97411da600a0;p=apache

Sync with changes to wiki version of password formats document. Add to /misc/ index.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@573845 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/misc/index.html.en b/docs/manual/misc/index.html.en
index 91eb22a932..ac4626f244 100644
--- a/docs/manual/misc/index.html.en
+++ b/docs/manual/misc/index.html.en
@@ -67,6 +67,13 @@
         <p>This document acts as a reference page for most of the relevant
         standards that Apache follows.</p>
       </dd>
+
+      <dt><a href="password_encryptions.html">Password Encryption Formats</a></dt>
+
+      <dd>
+        <p>Discussion of the various ciphers supported by Apache for
+        authentication purposes.</p>
+      </dd>
     </dl>
 
   </div>
diff --git a/docs/manual/misc/index.xml b/docs/manual/misc/index.xml
index 9f0c8c446c..e59da6fdf6 100644
--- a/docs/manual/misc/index.xml
+++ b/docs/manual/misc/index.xml
@@ -71,6 +71,13 @@
         <p>This document acts as a reference page for most of the relevant
         standards that Apache follows.</p>
       </dd>
+
+      <dt><a href="password_encryptions.html">Password Encryption Formats</a></dt>
+
+      <dd>
+        <p>Discussion of the various ciphers supported by Apache for
+        authentication purposes.</p>
+      </dd>
     </dl>
 
   </summary>
diff --git a/docs/manual/misc/password_encryptions.html.en b/docs/manual/misc/password_encryptions.html.en
index 3c4fb09ec9..43ea32f33f 100644
--- a/docs/manual/misc/password_encryptions.html.en
+++ b/docs/manual/misc/password_encryptions.html.en
@@ -39,8 +39,9 @@
       <dd>Windows, BEOS, &amp; Netware only.</dd>
        
        <dt>CRYPT</dt>
-       <dd>Unix only. Calls the Unix crypt(3) function with a randomly-generated
-       32-bit salt and the password.</dd>
+       <dd>Unix only. Uses the traditional Unix <code>crypt(3)</code> function
+       with a randomly-generated 32-bit salt (only 12 bits used) and the first 8
+       characters of the password.</dd>
        
        <dt>SHA1</dt>
        <dd>"{SHA}" + Base64-encoded SHA-1 digest of the password.</dd>
@@ -48,7 +49,7 @@
        <dt>MD5</dt>
        <dd>"$apr1$" + the result of an Apache-specific algorithm using an
        iterated (1,000 times) MD5 digest of various combinations of a
-       randomly-generated 32-bit salt and the password. See the APR source file
+       randoml 32-bit salt and the password. See the APR source file
        <a href="http://svn.apache.org/viewvc/apr/apr-util/trunk/crypto/apr_md5.c?view=markup">apr_md5.c</a>
        for the details of the algorithm.</dd>
     </dl>
@@ -92,8 +93,8 @@
     <h3>Validating CRYPT or MD5 passwords with the OpenSSL command
              line program</h3>
       
-      <p>The salt for a CRYPT password is the first two characters (as a
-      Base64-encoded binary value). To validate <code>myPassword</code> against
+      <p>The salt for a CRYPT password is the first two characters (converted to
+      a binary value). To validate <code>myPassword</code> against
       <code>rqXexS6ZhobKA</code></p>
       
       <div class="example"><h3>CRYPT</h3><p><code>
@@ -119,9 +120,9 @@
     
     <h3>Database password fields for mod_dbd</h3>
       <p>The SHA1 variant is probably the most useful format for DBD
-      authentication. Since the SHA1-hash and Base64-encoding functions are
-      commonly available, other software can populate a database with encrypted
-      passwords that are usable by Apache basic authentication.</p>
+      authentication. Since the SHA1 and Base64 functions are commonly
+      available, other software can populate a database with encrypted passwords
+      that are usable by Apache basic authentication.</p>
       
       <p>To create Apache SHA1-variant basic-authentication passwords in various
       languages:</p>
@@ -158,8 +159,8 @@
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="digest" id="digest">Digest Authentication</a></h2>
-    <p>There is only one format that Apache recognizes for
-    digest-authentication passwords. This format is the MD5 hash of the string
+    <p>Apache recognizes one format for
+    digest-authentication passwords - the MD5 hash of the string
     <code>user:realm:password</code> as a 32-character string of hexadecimal
     digits. <code>realm</code> is the Authorization Realm argument to the
     <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code> directive in
@@ -167,7 +168,7 @@
     
     <h3>Database password fields for mod_dbd</h3>
       
-      <p>Since the MD5-hash function is commonly available, other software can
+      <p>Since the MD5 function is commonly available, other software can
       populate a database with encrypted passwords that are usable by Apache
       digest authentication.</p>
       
@@ -186,7 +187,7 @@
       <span class="indent">
         s = "0" + s;
       </span>
-      // String s is the digest hash
+      // String s is the encrypted password
       </code></p></div>
       
       <div class="example"><h3>ColdFusion</h3><p><code>
@@ -198,6 +199,11 @@
       Digest::MD5.hexdigest(user + ':' + realm + ':' + password)
       </code></p></div>
       
+      <div class="example"><h3>PostgreSQL (with the contrib/pgcrypto functions installed)</h3><p><code>
+        
+        encode(digest( user || ':' || realm || ':' || password , 'md5'), 'hex')
+      </code></p></div>
+      
     
   </div></div>
 <div class="bottomlang">
diff --git a/docs/manual/misc/password_encryptions.xml b/docs/manual/misc/password_encryptions.xml
index 188cb6463e..d5067bc6aa 100644
--- a/docs/manual/misc/password_encryptions.xml
+++ b/docs/manual/misc/password_encryptions.xml
@@ -40,8 +40,9 @@
       <dd>Windows, BEOS, &amp; Netware only.</dd>
        
        <dt>CRYPT</dt>
-       <dd>Unix only. Calls the Unix crypt(3) function with a randomly-generated
-       32-bit salt and the password.</dd>
+       <dd>Unix only. Uses the traditional Unix <code>crypt(3)</code> function
+       with a randomly-generated 32-bit salt (only 12 bits used) and the first 8
+       characters of the password.</dd>
        
        <dt>SHA1</dt>
        <dd>"{SHA}" + Base64-encoded SHA-1 digest of the password.</dd>
@@ -49,7 +50,7 @@
        <dt>MD5</dt>
        <dd>"$apr1$" + the result of an Apache-specific algorithm using an
        iterated (1,000 times) MD5 digest of various combinations of a
-       randomly-generated 32-bit salt and the password. See the APR source file
+       randoml 32-bit salt and the password. See the APR source file
        <a href="http://svn.apache.org/viewvc/apr/apr-util/trunk/crypto/apr_md5.c?view=markup">apr_md5.c</a>
        for the details of the algorithm.</dd>
     </dl>
@@ -93,8 +94,8 @@
     <section>
       <title>Validating CRYPT or MD5 passwords with the OpenSSL command
              line program</title>
-      <p>The salt for a CRYPT password is the first two characters (as a
-      Base64-encoded binary value). To validate <code>myPassword</code> against
+      <p>The salt for a CRYPT password is the first two characters (converted to
+      a binary value). To validate <code>myPassword</code> against
       <code>rqXexS6ZhobKA</code></p>
       
       <example><title>CRYPT</title>
@@ -120,9 +121,9 @@
     
     <section><title>Database password fields for mod_dbd</title>
       <p>The SHA1 variant is probably the most useful format for DBD
-      authentication. Since the SHA1-hash and Base64-encoding functions are
-      commonly available, other software can populate a database with encrypted
-      passwords that are usable by Apache basic authentication.</p>
+      authentication. Since the SHA1 and Base64 functions are commonly
+      available, other software can populate a database with encrypted passwords
+      that are usable by Apache basic authentication.</p>
       
       <p>To create Apache SHA1-variant basic-authentication passwords in various
       languages:</p>
@@ -159,8 +160,8 @@
   </section>
   
   <section id="digest"><title>Digest Authentication</title>
-    <p>There is only one format that Apache recognizes for
-    digest-authentication passwords. This format is the MD5 hash of the string
+    <p>Apache recognizes one format for
+    digest-authentication passwords - the MD5 hash of the string
     <code>user:realm:password</code> as a 32-character string of hexadecimal
     digits. <code>realm</code> is the Authorization Realm argument to the
     <directive module="mod_authn_core">AuthName</directive> directive in
@@ -168,7 +169,7 @@
     
     <section><title>Database password fields for mod_dbd</title>
       
-      <p>Since the MD5-hash function is commonly available, other software can
+      <p>Since the MD5 function is commonly available, other software can
       populate a database with encrypted passwords that are usable by Apache
       digest authentication.</p>
       
@@ -187,7 +188,7 @@
       <indent>
         s = "0" + s;
       </indent>
-      // String s is the digest hash
+      // String s is the encrypted password
       </example>
       
       <example><title>ColdFusion</title>
@@ -199,6 +200,11 @@
       Digest::MD5.hexdigest(user + ':' + realm + ':' + password)
       </example>
       
+      <example>
+        <title>PostgreSQL (with the contrib/pgcrypto functions installed)</title>
+        encode(digest( user || ':' || realm || ':' || password , 'md5'), 'hex')
+      </example>
+      
     </section>
   </section>