hwg-servers archives Aug 2000 new search results previous next

how to generate htpasswd non-interactively

by "Kevin A. Jackson" <kevin(at)nvision.on.ca>

 Date:  Wed, 09 Aug 2000 18:00:08 -0500
 To:  hwg-servers(at)mail.hwg.org
 In-Reply-To:  skynet
  todo: View Thread, Original 
This list is the greatest source of support as we fight our way through 
configuring our first server.

I have a great question, in two parts.

- There are 1500+ users, and more will be added, although not more than a 
few hundred as it is a relatively small regional association.
- We have a text-file database, pipe-delimited, of users with the following 
fields: 
FIRST_NAME|LAST_NAME|TITLE|COMPANY|CITY|PROVINCE|COUNTRY|MAIN_PHONE|FAX|EMAI 
L|URL|CHAPTER|MEMTYPE|PIN, where PIN is an individual member's code, 
supposed to be unique, but after a close look I find 36 places where two 
different users have the same pin.
- They have told their members in a mass-mailing today that they can access 
a members-only section of the web site, which actually consists of two 
completely separate directories and a bulletin board (UltimateBB), by 
entering their first name as the username and their PIN code as the password.
- ordinarily I would use htpasswd to generate individual username/encrypted 
password combinations in a password file which htaccess could check 
against, except there are too many users to enter it manually, and the 
usernames are not unique, there being more than one Jim, Tracy, Julie, etc.
- So the first question is, assuming I was able to generate unique 
usernames, how would I encrypt that many passwords with an automated 
script, as htpasswd does not seem to have a switch to turn off the 
interactive double-query for a password.
- The second question is: considering that the level of security required 
here is very light, (there is no financial information involved, and the 
content in the members-only areas is very tame), can't I just use the 
authentication module of htaccess to check against the username/pin 
combination in the text file, disregarding the fact that the password is 
not encrypted, because we don't really care?

If not, is there a different way that this is normally done?

Any advice appreciated.

Cheers


Kevin Jackson

--
Biz-Zone Internet Group
We build web stuff for business
http://www.biz-zone.com/ - Mailto:kevin(at)biz-zone.com
Phone: (905)888-0002 - Fax: (905)888-0001

HWG: hwg-servers mailing list archives, maintained by Webmasters @ IWA