httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <...@bourse.ch>
Subject Re: basic authentication in apache 1.3.19 ignoring more than 8characters in the password.
Date Tue, 16 Apr 2002 13:27:53 GMT
Pete Nelson wrote:
> 
> I just tested this on Apache 1.3.22 on RedHat 6.2 and Apache 1.3.24 on
> Win2k, and both happily took a 19-character password
> (thisisalongpassword).  I am pretty confident that it should also work
> on Apache 1.3.19 on most platforms.

Did you test whether all the characters were significant? AFAIK, apache
uses the system passwd utility which is sensitive only to the first 8
chars. You can put in more if you like but they are not significant. In
other words, "thisisalongpassword" and "thisisalxxxxxxxxx" are the same.

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message