httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zac Stevens <burri...@cryptocracy.com>
Subject Re: htaccess/htpasswd oddity
Date Tue, 28 May 2002 10:50:50 GMT
Hi Stuart,

On Tue, May 28, 2002 at 11:46:44AM +0100, Stuart Turner wrote:
> Original password set to tambl1n02 - login works ok.
> Changed password to tambl1n03 - login works ok, but so does tambl1n02.
> Changed password to monkey - login works ok, neither tambl1n02 nor tambl1n03
> work
> Changed password back to tambl1n03 - login works ok, but so does tambl1n02
> (again)
> 
> I tried restarting the httpd service to see if that helped but it didn't
> seem to make any difference.
> 
> Anyone got any ideas on this? Am I missing something obvious?

htpasswd creates its hashes using crypt(), which means that only the first
8 characters of the password are significant.

ie, 'tambl1n0hallelujahthisisagreatpassword' would get you in as well.

Not obvious, but it should perhaps be documented somewhere if it isn't
already. :)

Hope that helps


Zac

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message