Return-Path: Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: (qmail 63904 invoked from network); 8 Feb 2009 09:20:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 8 Feb 2009 09:20:17 -0000 Received: (qmail 82490 invoked by uid 500); 8 Feb 2009 09:20:16 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 82458 invoked by uid 500); 8 Feb 2009 09:20:16 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 82445 invoked by uid 99); 8 Feb 2009 09:20:16 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Feb 2009 01:20:16 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Feb 2009 09:20:08 +0000 Received: by brutus.apache.org (Postfix, from userid 33) id C969C234C4AB; Sun, 8 Feb 2009 01:19:46 -0800 (PST) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 46672] New: Insufficient documentation for mod_authn_dbd: password format X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: newchanged X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: Documentation X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: 2005@kuarepoti-dju.net X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Sun, 8 Feb 2009 01:19:46 -0800 (PST) X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=46672 Summary: Insufficient documentation for mod_authn_dbd: password format Product: Apache httpd-2 Version: 2.3-HEAD Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Documentation AssignedTo: bugs@httpd.apache.org ReportedBy: 2005@kuarepoti-dju.net mod_authn_dbd calls apr_password_validate() which seems to assume an MD5-encoded password, using the '$1$SaltMd5' notation known from the MD5-enabled crypt. Neither plain-text passwords nor PostgreSQL's md5() function seem to be accepted. Proposed fixes: - the documentation should make it clear in which format the passwords must be stored in the database - the module should throw a more detailed error when it finds out that the password is not in MD5 format, or even better introduce an option for plain, crypt, md5 etc. passwords In addition, the documentation could mention that there are database-specific authentication modules like http://www.giuseppetanzilli.it/mod_auth_pgsql2/ which are not related, for the convenience of the unexperienced user. Otherwise, configuration madness ensues :) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org