[CalendarServer-users] encrypted passwords in accounts.xml

Götz Babin-Ebell g.babin-ebell at novamedia.de
Fri Jan 27 12:33:13 PST 2012

Am 27.01.2012 16:46, schrieb Matthew Morgan:
> Is it possible to encrypt the passwords in accounts.xml and still use
> HTTP authentication, similar to having an encrypted password in an
> apache .htaccess file?

Yes, but that requires a modification of the Server software.
The patch wasn't that big and I might have posted it on the list.
If I havn't: Just look into the code that operates on the pass phrase
and adapt it accordingly...
(demo code to encrypt and verify pass phrases should be in the net...)

But beware:
encrypted pass phrases require plain authentification (so use TLS...)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20120127/04e0134b/attachment.bin>

More information about the calendarserver-users mailing list