apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajesh K Chaurasia <rajes...@yahoo.com>
Subject Password (getpass()) truncation issue on HP-UX in apr-0.9.18
Date Wed, 23 Jun 2010 07:09:49 GMT
Hello APR Developers:

I am using subversion client on HP-UX which has a dependency on apr, apr-util. The packages
available for HP-UX porting and archiving center from 

http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/apr-0.9.18/

has password truncation issue on HP-UX (all versions, 11.11, 11.23, 11,31) on PA-RISC and
IA64.

I could track the issue to HP-UX getpass() API which truncates the password at 8 characters.
Unfortunately, apr configure scripts finds and uses getpass() HP-UX API. To resolve the issue
I had to edit .../apr-0.9.18/passwd/apr_getpass.c to manually undefine HAVE_GETPASS and let
apr internal getpass() function be used.

#if defined(__hpux) || defined(__hpux__)
  #undef HAVE_GETPASS
#endif

I checked the apr source tree up to 1.4.2 and the issue is present in all apr versions.

The recommended password reading API on HP-UX is getpasswd() defined in libsec. I would like
to request apr developers to resolve the apr issue on HP-UX by either of following methods,

- On HP-UX, always use apr internal getpass() / apr_getpass().
- On HP-UX, configure should check for getpasswd() available in libsec library.

If this issue could be resolved in apr on HP-UX, we don't need users to make source change
to apr to be able to use it on HP-UX with password lengths greater than 8 characters.

This is a critical issue being faced on HP-UX while using subversion client.

Regards
-Rajesh


      

Mime
View raw message