Priority: Normal
Current State: Closed
Released In: 1.1.3
Target Release: patch
Applies To: Engine
Component: Documentation,
HtPasswdUser
Branches:
[08:28:59] <Lavr> SteffenPoulsen. Remember when you advice people to use the htpasswd utility that it deletes all email addresses from .htpasswd
[08:29:22] <Lavr> Or at least from the entry to change
[08:30:13] <SteffenPoulsen> ah yep - forgot that, good point :-)
[08:30:17]
<Lavr> I usually run the htpasswd utility on a new password file
and then copy paste the result into the real one
[08:31:05] <SteffenPoulsen> yes, me too .. wonder if there's a topic I could have pointed to on the procedure
[08:32:07] <SvenDowideit> how about a commented out line that is added to the topof the .htpasswd file?
[08:32:55] * CDot has joined #twiki
[08:33:35] * marclaporte has joined #twiki
[08:34:15]
<Lavr> Yes when it is created. That would not be a bad idea. "Do
not use htpasswd utility on this file. See "URL to t.o FAQ topic"
[08:34:32] <SteffenPoulsen> pls go implement :-)
[08:35:25] <SvenDowideit> please add bug item
[08:35:42] <SvenDowideit> twikibot, make new bug?
[08:35:51] <SteffenPoulsen> :-)
--
TWiki:Main/SteffenPoulsen - 04 Sep 2007
Unsure about this, I don't think storing information directly in the .htpasswd file is an option (all entries are read and written on user updates, non-standard lines are lost in the process).
Perhaps a simple thing like this would be OK (create an additional
.htpasswd.README
file on creation time).
Index: lib/TWiki/Users/HtPasswdUser.pm
===================================================================
--- lib/TWiki/Users/HtPasswdUser.pm (revision 14913)
+++ lib/TWiki/Users/HtPasswdUser.pm (working copy)
@@ -123,6 +123,21 @@
sub _savePasswd {
my $db = shift;
+ unless (-e "$TWiki::cfg{Htpasswd}{FileName}" ) {
+ # Item4544: Add pointer to twiki.org topic on special format used in .htpasswd
+ umask( 077 );
+ open( FILE, ">$TWiki::cfg{Htpasswd}{FileName}.README" ) ||
+ throw Error::Simple( $TWiki::cfg{Htpasswd}{FileName}.
+ '.README open failed: '.$! );
+
+ print FILE "# TWiki uses a specially crafted .htpasswd file format that should not be\n";
+ print FILE "# manipulated using a standard htpasswd utility.\n";
+ print FILE "# (3rd-party utilities does not support the e-mail address format used).\n";
+ print FILE "# \n";
+ print FILE "# More information available at: http://twiki.org/cgi-bin/view/TWiki/HtPasswdFormat.\n";
+ close( FILE);
+ }
+
umask( 077 );
open( FILE, ">$TWiki::cfg{Htpasswd}{FileName}" ) ||
throw Error::Simple( $TWiki::cfg{Htpasswd}{FileName}.
If it is enough for this item, only todo is to create the twiki.org topic linked to.
--
TWiki:Main.SteffenPoulsen - 17 Sep 2007
Confirmed, and applies to TWiki.org
CC
Added a warning to
UserAuthentication where it discusses sharing the .htpasswd file with other applications. Also updated
HtPasswdUser to write the readme when creating a new .htpasswd file.
--
GeorgeClark - 25 Mar 2011