LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 10-14-2009, 11:16 AM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 73
Question Shell Password -vs- HTPASSWD Password?


I have a mail server that authenticates from the user's shell password listed in /etc/shadow (encrypted) and then my web server has some html documents that are password protected using 'htpasswd'. I tried to copy the encrypted password from /etc/shadow to my web servers htpasswd/passwd file. When I did, it would not let the user in to view the html pages because it did not like their password I copied over from the mail server. Can someone tell me why this does not work? Is the encryption a different algorithm for shell than htpasswd?
 
Old 10-14-2009, 11:26 AM   #2
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
The encryption is a different algorithm, but also using the shell password as a web password isn't something you want to do from a security perspective. The shell is protected by a time delay between attempted logins that is gradually increased with each attempt. The HTTP server does not do this. Therefore, a cracker can hit your web server hundreds of times a second (more or less depending on how you have your server configured), drastically reducing the time it would take to perform a brute force attack on your password.

Forrest
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Internal Server Error with Password protection of directory using .htaccess/.htpasswd mlapl1 Linux - Newbie 1 10-14-2009 01:12 AM
htpasswd password file fw12 Linux - Newbie 5 07-16-2006 03:26 PM
get password through shell script shashwat.gupta Programming 6 06-14-2006 02:42 AM
How to tell shell script a password? Etoile Linux - Newbie 5 04-05-2006 10:16 PM
Shell Script For Password cpope67 Programming 4 01-10-2005 03:16 AM


All times are GMT -5. The time now is 06:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration