alvagante
commented
9 years ago Please check the discussion here and add your points: https://github.com/example42/puppet-apache/pull/85
Closed liquorvicar closed 9 years ago
alvagante
commented
9 years ago Please check the discussion here and add your points: https://github.com/example42/puppet-apache/pull/85
liquorvicar
commented
9 years ago Thanks, have done.
If I understand things correctly, this commit (https://github.com/example42/puppet-apache/commit/22304f71a82bc9f835a6353757ca88572f428119) may have broken the htpasswd manifest. From what I can see the -p switch to htpasswd means do not encrypt the password, i.e. pass whatever is given to the command as the password straight through to the .htpasswd file. Thus if the crypt_password paramater is set this should have the -p flag set to avoid encrypting the already encrypted password before adding it to the .htpasswd file. The clear_password is actually the plaintext password which should not have the -p flag set so that it is encrypted before it is added to the .htpasswd file.
If the intention behind the commit is to allow saving of plaintext passwords to the .htpasswd file then surely that should be dealt with a separate flag. Although I'm not sure that it's even possible or desirable to have the .htpasswd file contain plaintext passwords!
But please correct me if I'm wrong!