httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 46672] New: Insufficient documentation for mod_authn_dbd: password format
Date Sun, 08 Feb 2009 09:19:46 GMT

           Summary: Insufficient documentation for mod_authn_dbd: password
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation

mod_authn_dbd calls apr_password_validate() which seems to assume an
MD5-encoded password, using the '$1$SaltMd5' notation known from the
MD5-enabled crypt. Neither plain-text passwords nor PostgreSQL's md5() function
seem to be accepted.

Proposed fixes:
- the documentation should make it clear in which format the passwords must be
stored in the database
- the module should throw a more detailed error when it finds out that the
password is not in MD5 format, or even better introduce an option for plain,
crypt, md5 etc. passwords

In addition, the documentation could mention that there are database-specific
authentication modules like
which are not related, for the convenience of the unexperienced user.
Otherwise, configuration madness ensues :)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message