httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48652] New: "AuthType form" fails if a password contains '&' sign
Date Mon, 01 Feb 2010 15:24:03 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48652

           Summary: "AuthType form" fails if a password contains  '&' sign
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_auth
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mike.fursov@gmail.com


When I use '&' (ampersand) sign in a user's password "AuthType form" fails to
authenticate a user.

The configuration example is below. 

If I change AuthType to Basic the authentication works, so I think this is a
bug in mod_auth_form.

<Location /test>

    Require valid-user
    ErrorDocument 401 /test-login
    AuthType form
    AuthName inline
    AuthFormProvider ldap
    AuthLDAPURL
"ldap://192.168.0.100/ou=Users,dc=test,dc=company,dc=com?uid?one"
    SessionCryptoPassphrase client-pass
    Session On
    SessionCookieName clientSSOpass path=/;httponly;secure;Version=1;
    SessionMaxAge 0
    AuthFormFakeBasicAuth On

    ProxyPass http://server2:8080/test
    ProxyPassReverse http://server2:8080/test
    RequestHeader unset Accept-Encoding
    RequestHeader set SSOHandler true
</Location>         


The Apache version I use is 2.3.4, system: Ubuntu 64bit

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message