Protected directories to use $apr1$ password format

Version 1.43


The bug was only reported recently, but it may have existed for some time. The .htpasswd files apparently don't support $1$ formats, but DA has been saving this format since 1.24.3: so it's possible that older versions of apache did support $1$.. not sure. In any case, the proper solution is to use the proprietary apache md5 format which uses: $apr1$ The htpasswd binary has many different versions.. the version we'd need for secure automation has the -i option to use a single stdin. However, this is only a recent addition, so instead we're relying on using openssl with -stdin for the creation of the $apr1$ format.

Interested to try DirectAdmin? Get a 30-day Free Trial!