cgi authentication
Richard van de Stadt
stadt at cs.utwente.nl
Wed Sep 22 09:23:25 EDT 1999
Fredrik Lundh wrote:
>
> Richard van de Stadt <stadt at cs.utwente.nl> wrote:
> > Then in SomeScript you can work with the variables 'login' and
> > 'password'. I guess you must have thought of this. But one
> > never knows :-)
> >
> > But you'll have to make your own (encrypted?) password file
> > for this to work (or get the source of htpasswd to find out
> > how passwords are encrypted for use with .htaccess).
>
> iirc, they use crypt (just like /etc/password). given
> that you've enabled the crypt module, you can use
> something like this:
>
> def login(user, password, encrypted_password):
> "Check if user would be able to login using password"
> pw1 = encrypted_password
> pw2 = crypt.crypt(password, pw1[:2])
> return pw1 == pw2
>
> (derived from an example in "(the eff-bot guide to)
> The Standard Python Library" -- out soon!).
>
> finding the password file is left as an exercise...
>
> </F>
1) How does one enable the crypt module if it is not
available in the Python library? Do I have to ask our
Python maintainer to rebuild it?
2) The crypt-statement looks strange to me.
Why are the first 2 characters of the encrypted
password (apparently retrieved from the password
file) feeded into crypt()?
Or is this just the standard way password encryption is done?
Richard.
More information about the Python-list
mailing list