Posted to apache-bugdb@apache.org by Dan Armstrong <or...@bitwisesystems.com> on 1999/07/05 23:47:56 UTC
mod_auth-any/4700: Basic Authentication - Correct Username/Password pairs never accepted
>Number: 4700
>Category: mod_auth-any
>Synopsis: Basic Authentication - Correct Username/Password pairs never accepted
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Jul 5 14:50:00 PDT 1999
>Last-Modified:
>Originator: orion@bitwisesystems.com
>Organization:
apache
>Release: 1.3.6
>Environment:
uname -a:
Linux xxx.xxx.xxx.xxx 2.2.3 #8 SMP Wed Apr 7 16:12:59 CDT 1999 i686 unknown
gcc --version:
2.7.2.3
ldd httpd:
libm.so.5 => libm.so.5.0.9
libcrypt.so.1 => libcrypt-2.0.7.so
libc.so.6 => libc-2.0.7.so
/lib/ld-linux.so.2 => ld-2.0.7.so
>Description:
Upgraded from 1.3.4 to 1.3.6
Basic Authentication with one user in one group
User is never allowed access
Nothing ever logged in either the Root Server or Virtual Host error log files
>How-To-Repeat:
(Not) working example currently at http://passwdtest.daughtkom.com/
Use Apache version 1.3.6
/usr/httpd/conf/httpd.conf:
# This is my configuration of compiled in modules
Alias /icons/ /usr/httpd/icons/
IndexOptions FancyIndexing IconHeight IconWidth NameWidth=* SuppressDescription
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
[more icon types]
AddIcon /icons/binary.gif .bin .exe
[more icons]
DefaultIcon /icons/unknown.gif
ReadmeName README
HeaderName HEADER
IndexIgnore .??* *~ *# HEADER* README* RCS
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /var/log/httpd/access_log common
TypesConfig /etc/mime.types
AddEncoding x-compress Z
AddEncoding x-gzip gz
AddLanguage en .en
# LanguagePriority en
AddType text/html .shtml
AddHandler server-parsed .shtml
AddHandler imap-file map
BrowserMatch "Mozilla/2" nokeepalive
[more browser matches]
# These are my global settings
AccessConfig /dev/null
BindAddress *
ContentDigest off
CoreDumpDirectory /usr/httpd
DefaultType text/plain
DirectoryIndex index.html index.shtml
DocumentRoot /usr/httpd/html
ErrorLog /var/log/httpd/error_log
Group www
HostNameLookups off
IdentityCheck off
KeepAlive On
KeepAliveTimeout 15
LogLevel crit
MaxClients 256
MaxKeepAliveRequests 100
MaxRequestsPerChild 0
MaxSpareServers 10
MinSpareServers 5
PidFile /var/run/httpd.pid
Port 80
ResourceConfig /dev/null
ScoreBoardFile /var/run/httpd.scoreboard
ServerAdmin root@localhost
ServerName localhost
ServerRoot /usr/httpd
ServerSignature Off
ServerTokens Minimal
ServerType standalone
StartServers 5
TimeOut 300
UseCanonicalName on
User www
<Directory />
AllowOverride None
Deny from All
Order deny,allow
Options None
</Directory>
<Directory /usr/httpd/icons>
Allow from All
Order allow,deny
</Directory>
<Directory /usr/httpd/html>
Allow from All
Order allow,deny
</Directory>
# And finally the virtual hosts
NameVirtualHost 216.178.140.50
<VirtualHost 216.178.140.50>
ServerName passwdtest.daughtkom.com
DocumentRoot /home/passwdtest/html
ServerAdmin orion@bitwisesystems.com
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog /home/passwdtest/var/log/access_log common
ErrorLog /home/passwdtest/var/log/error_log
<Directory /home/passwdtest/html>
Allow from All
Order allow,deny
</Directory>
<Directory /home/passwdtest/html/password_protected>
AuthGroupFile conf/group
AuthUserFile conf/passwd
AuthType Basic
AuthName "Test User"
require group test
</Directory>
</VirtualHost>
/usr/httpd/conf/group:
test: test
/usr/httpd/conf/passwd:
test:C284MBhj4uIVY
>Fix:
Fix or document what has changed from 1.3.4 to 1.3.6 regarding authentication configuration.
Thank you
>Audit-Trail:
>Unformatted: