Item9503: md5 (digest) password setting seems to be incompatible with apache 2.0

at least, apache 2.0 seems to fail when the emails are appended to the password file when using AuthType Digest.

needs testing (i've only just seen it on win32 1.0.9 - it may apply to others including 1.1) and possibly a workaround.

-- SvenDowideit - 19 Aug 2010

To my knowledge and according to my weak memory the only password format that ever worked on Windows based server is sha1.

I am not letting this be a release blocker. Few runs Windows as server. And those that does will choose sha1 as we recommend it in configure.

Feel free to fix. But this is most like broken since Cairo.

-- KennethLavrsen - 19 Aug 2010

yup, weak memory. md5 works well on windows, and is only broken when the emails are stores in the .htpasswd file when using apache 2.0.

secondly, 'Few runs Windows as server' is a misconception that you continue to perpetrate. a remarkable number of companies use foswiki on windows.

(yes, i know - this is a count of OS used to download - http://sourceforge.net/downloads/foswiki/stats_timeline )

we shouldn't be recomending sha1 - its significantly inferior to using digest auth..

i think its been broken since foswiki 1.0 - when someone made storing emails in the htpasswd compulsory.

-- SvenDowideit - 22 Aug 2010

I'm going to set this as Needs Developer. Apache is up to version 2.4, and things have changed a lot. We need a windows dev to recreate this and confirm it is still an issue. There has been a large amount of work on password encoding since Foswiki 1.0

-- GeorgeClark - 07 Jan 2015

Commenting is disabled while not logged in