You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Dan Armstrong <or...@bitwisesystems.com> on 1999/07/05 23:47:56 UTC

mod_auth-any/4700: Basic Authentication - Correct Username/Password pairs never accepted

>Number:         4700
>Category:       mod_auth-any
>Synopsis:       Basic Authentication - Correct Username/Password pairs never accepted
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Jul  5 14:50:00 PDT 1999
>Last-Modified:
>Originator:     orion@bitwisesystems.com
>Organization:
apache
>Release:        1.3.6
>Environment:
uname -a:
Linux xxx.xxx.xxx.xxx 2.2.3 #8 SMP Wed Apr 7 16:12:59 CDT 1999 i686 unknown

gcc --version:
2.7.2.3

ldd httpd:
libm.so.5 => libm.so.5.0.9
libcrypt.so.1 => libcrypt-2.0.7.so
libc.so.6 => libc-2.0.7.so
/lib/ld-linux.so.2 => ld-2.0.7.so
>Description:
Upgraded from 1.3.4 to 1.3.6
Basic Authentication with one user in one group
User is never allowed access

Nothing ever logged in either the Root Server or Virtual Host error log files
>How-To-Repeat:
(Not) working example currently at http://passwdtest.daughtkom.com/

Use Apache version 1.3.6

/usr/httpd/conf/httpd.conf:
# This is my configuration of compiled in modules 
        Alias /icons/ /usr/httpd/icons/
        IndexOptions FancyIndexing IconHeight IconWidth NameWidth=* SuppressDescription
        AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
        AddIconByType (TXT,/icons/text.gif) text/*
	[more icons types]
        AddIcon /icons/binary.gif .bin .exe
	[more icons]
        DefaultIcon /icons/unknown.gif
        ReadmeName README
        HeaderName HEADER
        IndexIgnore .??* *~ *# HEADER* README* RCS
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        CustomLog /var/log/httpd/access_log common
        TypesConfig /etc/mime.types
        AddEncoding x-compress Z
        AddEncoding x-gzip gz
        AddLanguage en .en
#       LanguagePriority en
        AddType text/html .shtml
        AddHandler server-parsed .shtml
        AddHandler imap-file map
        BrowserMatch "Mozilla/2" nokeepalive
	[more browser matches]

# These are my global settings
AccessConfig /dev/null
BindAddress *
ContentDigest off
CoreDumpDirectory /usr/httpd
DefaultType text/plain
DirectoryIndex index.html index.shtml
DocumentRoot /usr/httpd/html
ErrorLog /var/log/httpd/error_log
Group www
HostNameLookups off
IdentityCheck off
KeepAlive On
KeepAliveTimeout 15
LogLevel crit
MaxClients 256
MaxKeepAliveRequests 100
MaxRequestsPerChild 0
MaxSpareServers 10
MinSpareServers 5
PidFile /var/run/httpd.pid
Port 80
ResourceConfig /dev/null
ScoreBoardFile /var/run/httpd.scoreboard
ServerAdmin root@localhost
ServerName localhost
ServerRoot /usr/httpd
ServerSignature Off
ServerTokens Minimal
ServerType standalone
StartServers 5
TimeOut 300
UseCanonicalName on
User www
<Directory />
        AllowOverride None
        Deny from All
        Order deny,allow
        Options None
</Directory>
<Directory /usr/httpd/icons>
        Allow from All
        Order allow,deny
</Directory>
<Directory /usr/httpd/html>
        Allow from All
        Order allow,deny
</Directory>

# And finally the virtual hosts
NameVirtualHost 216.178.140.50

<VirtualHost 216.178.140.50>
        ServerName passwdtest.daughtkom.com
        DocumentRoot /home/passwdtest/html
        ServerAdmin orion@bitwisesystems.com
        LogFormat "%h %l %u %t \"%r\" %>s %b" common
        CustomLog /home/passwdtest/var/log/access_log common
        ErrorLog /home/passwdtest/var/log/error_log
        <Directory /home/passwdtest/html>
                Allow from All
                Order allow,deny
        </Directory>
        <Directory /home/passwdtest/html/password_protected>
                AuthGroupFile conf/group
                AuthUserFile conf/passwd
                AuthType Basic
                AuthName "Test User"
                require group test
        </Directory>
</VirtualHost>

/usr/httpd/conf/group:
test: test

/usr/httpd/conf/passwd:
test:C284MBhj4uIVY
>Fix:
Fix or document what has changed from 1.3.4 to 1.3.6 regarding authentication configuration.

Thank you
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]