Re: monit ./gc.c ./monit_http.c ./monitor.h ./p.y ....

[Jan-Henrik Haukeland]

Christian Hopp <address@hidden> writes:

> Log message:
>       - "multiuser" support & cleartext htpasswd support

Great!

>       *   additional "ALLOW user:passwd" entries are added to a credential 
> list
>       *   "ALLOW /path/whateverhtpwd" adds all entries to the user-credential 
> list
>       *   "ALLOW /path/whateverhtpwd user [user2...]" adds the specified 
> users from
>       *      the htpasswd file to the cred-list.
>       *   If multiple entries for one user exist just the first one is 
> entered!
>       *
>       *   Docs are going to follow!
>       ! These features need additional further testing... please have a look 
> at it !

I haven't looked at the htpasswd implementation, but I assume the
htpasswd file parsing is meant for reading in user/passwds from a
htpasswd file used in Apache or on Apache htpasswd format?

I'm a bit rusty on this but doesn't passwords in htpasswd often if not
always get encryped by crypt(3)? If so, you must encrypt all password
in monit with this algorithm and also encrypt submitted passwords and
compare the encrypted password strings.

I know it's a bit late to ask this question, but what exactly is the
benefit of using an external htpasswd file?

-- 
Jan-Henrik Haukeland