Has anyone come up with a way to allow remote users to change their own passwords in VisualSVN server? We have it running in 'stand-alone' (non-ActiveDirectory) mode and the only down side that I've found to this excellent product is that users can't set or change their passwords.
It's something I can live with, but the security implications of passwords that never change are well known. I'm sure it must be possible to add the functionality, but I'm not the least bit talented in any of the technologies used by VisualSVN - so just wondering if anyone has done it?
I've decided to have a bash at implementing this myself. First obstacle, with which I'd appreciate some help, is the password encryption. I've found that VisualSVN has a password file, called htpasswd
which has a list of users in the following format:
JoePublic:$apr1$lpq$kF8nZjjuFxgJBExK8ruf20
JoePublic is the username, I presume the colon is a delimiter and the rest is some sort of password hash. The actual password used in this case was ForgetMeNot
.
This doesn't seem to be an MD5 or SHA hash, but I'm not very worldly wise in this area, so it may well be. Given the information above, can anyone deduce the algorithm being used?
If you need that functionality then you'll need to integrate with Active Directory, which is really a good idea anyways so users don't have to manage multiple separate passwords.