You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Andy Ross <an...@techhead.fsnet.co.uk> on 2000/12/12 13:17:34 UTC

other/6963: Apache does not recognise passwords that have been correctly entered

>Number:         6963
>Category:       other
>Synopsis:       Apache does not recognise passwords that have been correctly entered
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          support
>Submitter-Id:   apache
>Arrival-Date:   Tue Dec 12 04:20:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     andy@techhead.fsnet.co.uk
>Release:        1.3.14 (win32)
>Organization:
apache
>Environment:
Windows NT 4 Workstation, Service Pack 5, basic build, no apps installed other than IE5
>Description:
Apache is installed in the default location - C:\program files\apache group\apache

I've created the htaccess file detailed below and placed it in /htdocs

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /passwd/password
AuthGroupFile /dev/null
require user testuser

I then create the password file as detailed below and place it in the /passwd directory

C:\Program Files\Apache Group\APACHE\bin>htpasswd -c password testuser
Automatically using MD5 format on Windows.
New password: ******
Re-type new password: ******
Adding password for user testuser

I've amended all references to .htaccess to read htaccess in httpd.conf
I've made the following change to AllowOverride

# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo", 
# "AuthConfig", and "Limit"
#
    AllowOverride All

When I access the default page located at /htdocs, the username/password entry dialog box appears. I enter the correct combination, but this is rejected. There are no error messages. On the 3rd entry attempt the server returns an authentication failure page.

H E L P !!!



>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]