how to generate htpasswd non-interactively
by "Kevin A. Jackson" <kevin(at)nvision.on.ca>
|
Date: |
Wed, 09 Aug 2000 18:00:08 -0500 |
To: |
hwg-servers(at)mail.hwg.org |
In-Reply-To: |
skynet |
|
todo: View
Thread,
Original
|
|
This list is the greatest source of support as we fight our way through
configuring our first server.
I have a great question, in two parts.
- There are 1500+ users, and more will be added, although not more than a
few hundred as it is a relatively small regional association.
- We have a text-file database, pipe-delimited, of users with the following
fields:
FIRST_NAME|LAST_NAME|TITLE|COMPANY|CITY|PROVINCE|COUNTRY|MAIN_PHONE|FAX|EMAI
L|URL|CHAPTER|MEMTYPE|PIN, where PIN is an individual member's code,
supposed to be unique, but after a close look I find 36 places where two
different users have the same pin.
- They have told their members in a mass-mailing today that they can access
a members-only section of the web site, which actually consists of two
completely separate directories and a bulletin board (UltimateBB), by
entering their first name as the username and their PIN code as the password.
- ordinarily I would use htpasswd to generate individual username/encrypted
password combinations in a password file which htaccess could check
against, except there are too many users to enter it manually, and the
usernames are not unique, there being more than one Jim, Tracy, Julie, etc.
- So the first question is, assuming I was able to generate unique
usernames, how would I encrypt that many passwords with an automated
script, as htpasswd does not seem to have a switch to turn off the
interactive double-query for a password.
- The second question is: considering that the level of security required
here is very light, (there is no financial information involved, and the
content in the members-only areas is very tame), can't I just use the
authentication module of htaccess to check against the username/pin
combination in the text file, disregarding the fact that the password is
not encrypted, because we don't really care?
If not, is there a different way that this is normally done?
Any advice appreciated.
Cheers
Kevin Jackson
--
Biz-Zone Internet Group
We build web stuff for business
http://www.biz-zone.com/ - Mailto:kevin(at)biz-zone.com
Phone: (905)888-0002 - Fax: (905)888-0001
HWG: hwg-servers mailing list archives,
maintained by Webmasters @ IWA