You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Cliff Skolnick <cl...@organic.com> on 1996/02/01 22:55:33 UTC

WWW Form Bug Report: "apache can verify users using /etc/shadow" on Solaris 2.x (fwd)

No ack sent.

--
Cliff Skolnick                                      cliff@organic.com

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759

---------- Forwarded message ----------
Date: Thu Feb 1 12:14:09 1996
From: angelos@netaxis.com
To: cliff@organic.com
Subject: WWW Form Bug Report: "apache can verify users using /etc/shadow" on Solaris 2.x

Submitter: angelos@netaxis.com
Operating system: Solaris 2.x, version: 2.4
Extra Modules used: none
URL exhibiting problem: http://www.netaxis.com/customer/support.htm

Symptoms:
--
in the getpw function if you replace the last line
  with the following little hack
it will allow apache to do user authentication
using the /etc/shadow file , given that the server
is running as root
   w = getword(r->pool, &rpw, ':');
            return pstrdup (r->pool, w);
it is also a good idea to so that you can add 
elements to the .htpasswd file :-)
--

Backtrace:
--

--