www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nakul Hoelz <na...@netron.com>
Subject mod_auth-any/5552: Authentication has to happen twice
Date Thu, 06 Jan 2000 22:29:17 GMT

>Number:         5552
>Category:       mod_auth-any
>Synopsis:       Authentication has to happen twice
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Jan 06 14:30:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     nakul@netron.com
>Release:        1.3.9
>Organization:
apache
>Environment:
Server is running on Redhat 6.0.
Client is Netscape 4.5/4.6 or 4.7
>Description:
Module: mod_auth
password files created with htpasswd
Test case 1.) When Netscape authenticates access to a directory the username and password
have to be entered twice before the server authenticates the username.
IE5 in comparison to Netscape does not exhibit this problem.

Test case 2.)
With two useraccounts in the password file... 
entering the first one with the correct password, authentication fails.
Entering the second pair of username and password directly thereafter
creates an internal server error.
>How-To-Repeat:
Set up an environment as described above ...
Redhat 6.0
Apache 1.3.9 
use a simple authentication scheme with mod_auth and test with Netscape client
>Fix:
I believe the bug is in mod_auth.c or in one of the functions it calls. 
Probably in the first attempt to authenticate the username or password 
is not read properly into the variables that holds the username or password
so that the authentication fails. On the second attempt the variables are
both filled properly and the user can be authenticated.
 
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message