Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-14-2009, 11:16 AM   #1
Senior Member
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 75
Question Shell Password -vs- HTPASSWD Password?

I have a mail server that authenticates from the user's shell password listed in /etc/shadow (encrypted) and then my web server has some html documents that are password protected using 'htpasswd'. I tried to copy the encrypted password from /etc/shadow to my web servers htpasswd/passwd file. When I did, it would not let the user in to view the html pages because it did not like their password I copied over from the mail server. Can someone tell me why this does not work? Is the encryption a different algorithm for shell than htpasswd?
Old 10-14-2009, 11:26 AM   #2
Senior Member
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
The encryption is a different algorithm, but also using the shell password as a web password isn't something you want to do from a security perspective. The shell is protected by a time delay between attempted logins that is gradually increased with each attempt. The HTTP server does not do this. Therefore, a cracker can hit your web server hundreds of times a second (more or less depending on how you have your server configured), drastically reducing the time it would take to perform a brute force attack on your password.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Internal Server Error with Password protection of directory using .htaccess/.htpasswd mlapl1 Linux - Newbie 1 10-14-2009 01:12 AM
htpasswd password file fw12 Linux - Newbie 5 07-16-2006 03:26 PM
get password through shell script shashwat.gupta Programming 6 06-14-2006 02:42 AM
How to tell shell script a password? Etoile Linux - Newbie 5 04-05-2006 10:16 PM
Shell Script For Password cpope67 Programming 4 01-10-2005 03:16 AM

All times are GMT -5. The time now is 01:25 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration