www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Williams <sun...@interpath.com>
Subject mod_auth-any/1909: .htpasswd does not authenticate without extra newline at EOF (see PR #1869).
Date Tue, 03 Mar 1998 13:59:34 GMT

>Number:         1909
>Category:       mod_auth-any
>Synopsis:       .htpasswd does not authenticate without extra newline at EOF (see PR #1869).
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Mar  3 06:00:00 PST 1998
>Last-Modified:
>Originator:     sunfox@interpath.com
>Organization:
apache
>Release:        1.3b3
>Environment:
OS:  WinNT Server (Service Pack 3)
Using precompiled NT binaries
>Description:
When adding authentication to the web tree, I ran into the same problem
as reported in PR #1869.  After fixing that file and getting round the 500
errors, I found a variation on the theme of PR #1869 for the .htpasswd file.

If you do not have an extra newline at the end of your .htpasswd file, the
error logs will show the following (user name changed to protect the
innocent):

[Mon Mar 02 14:41:19 1998] [error] user someuser: password mismatch: /

Adding the extra newline fixed the problem and authentication works as it
should.
>How-To-Repeat:
Create a .htpasswd file on an NT version of apache with no trailing spaces
or newlines.  Use this .htpasswd file in an .htaccess file to restrict a
directory.  You should see the failures in the error log as indicated above.
>Fix:
The parser needs to be a bit more flexible...this is a variation on the
newline incompatibility between UNIX and Windows/DOS boxes.  It should
be able to deal gracefully with whatever line termination is standard
for the platform being compiled
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]




Mime
View raw message