From fd75a0355058d0baf5367dab08d896429401a383 Mon Sep 17 00:00:00 2001
From: tenox7 <as@tenoware.com>
Date: Sun, 17 Dec 2017 21:26:31 -0800
Subject: md5 password support

---
 README.md | 21 +++++++++++++--------
 wfm.cfg   | 21 +++++++++++++--------
 2 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index f35cda4..72d0676 100644
--- a/README.md
+++ b/README.md
@@ -85,16 +85,21 @@ Below is a simple, self-explanatory configuration file example:
     # external link button without going through cgi routines
     browser-url=http://x.x.x.x/files/
 
-    # access lists - ace type is either access-ip, access-user or access-htauth
-    # mixable, eg access-ip=ro:* with number of access-user=rw
-    # level is ro|rw, one host or username per line * denotes all hosts
-    # user is username:password combination
-    # htauth is for http basic/digest auth username or * any authenticated user
-    # htauth requires externally defined auth database and Require directive
+    # access lists - ace type is either access-ip, access-md5pw or access-htauth
+    # mixable, for example public read only with some read-write users
+    # access-ip=ro:* with number of access-md5=rw:user:md5hash
+    # level is ro|rw, one host or username per line * denotes any ip or user (htauth)
+    # md5 format is username:md5of(username:password) for example:
+    # access-md5=rw:foo:4e99e8c12de7e01535248d2bac85e732
+    # to generate this use echo -n "foo:bar" | md5
+    # htauth is for http basic/digest auth username or * any valid user
+    # htauth requires externally defined auth / require
     access-ip=ro:*
     access-ip=rw:127.0.0.1
-    access-user=ro:guest:secret
-    access-user=rw:admin:password
+    # guest / guest
+    access-md5pw=ro:guest:d3c3b5cb55d3c6d0c6122eedccc3dcf3
+    # admin / password
+    access-md5pw=rw:admin:73eff6386ce2091b5ca702fc007e1da9
     access-htauth=ro:*
     access-htauth=rw:admin
 
diff --git a/wfm.cfg b/wfm.cfg
index 0f32f91..f17a78f 100644
--- a/wfm.cfg
+++ b/wfm.cfg
@@ -22,15 +22,20 @@ edit-any-file=false
 # external link button without going through cgi routines
 browser-url=http://x.x.x.x/files/
 
-# access lists - ace type is either access-ip, access-user or access-htauth
-# mixable, eg access-ip=ro:* with number of access-user=rw
-# level is ro|rw, one host or username per line  * denotes all hosts
-# user is username:password combination
-# htauth is for http basic/digest auth username or * any authenticated user
-# htauth requires externally defined auth database and Require directive
+# access lists - ace type is either access-ip, access-md5pw or access-htauth
+# mixable, for example public read only with some read-write users
+# access-ip=ro:* with number of access-md5=rw:user:md5hash
+# level is ro|rw, one host or username per line * denotes any ip or user (htauth)
+# md5 format is username:md5of(username:password) for example:
+# access-md5=rw:foo:4e99e8c12de7e01535248d2bac85e732
+# to generate this use echo -n "foo:bar" | md5
+# htauth is for http basic/digest auth username or * any valid user
+# htauth requires externally defined auth / require
 access-ip=ro:*
 access-ip=rw:127.0.0.1
-access-user=ro:guest:secret
-access-user=rw:admin:password
+# guest / guest
+access-md5pw=ro:guest:d3c3b5cb55d3c6d0c6122eedccc3dcf3
+# admin / password
+access-md5pw=rw:admin:73eff6386ce2091b5ca702fc007e1da9
 access-htauth=ro:*
 access-htauth=rw:admin
-- 
cgit v1.2.3