You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Andy Ross <an...@techhead.fsnet.co.uk> on 2000/12/12 13:17:34 UTC
other/6963: Apache does not recognise passwords that have been correctly entered
>Number: 6963
>Category: other
>Synopsis: Apache does not recognise passwords that have been correctly entered
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: support
>Submitter-Id: apache
>Arrival-Date: Tue Dec 12 04:20:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: andy@techhead.fsnet.co.uk
>Release: 1.3.14 (win32)
>Organization:
apache
>Environment:
Windows NT 4 Workstation, Service Pack 5, basic build, no apps installed other than IE5
>Description:
Apache is installed in the default location - C:\program files\apache group\apache
I've created the htaccess file detailed below and placed it in /htdocs
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /passwd/password
AuthGroupFile /dev/null
require user testuser
I then create the password file as detailed below and place it in the /passwd directory
C:\Program Files\Apache Group\APACHE\bin>htpasswd -c password testuser
Automatically using MD5 format on Windows.
New password: ******
Re-type new password: ******
Adding password for user testuser
I've amended all references to .htaccess to read htaccess in httpd.conf
I've made the following change to AllowOverride
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride All
When I access the default page located at /htdocs, the username/password entry dialog box appears. I enter the correct combination, but this is rejected. There are no error messages. On the 3rd entry attempt the server returns an authentication failure page.
H E L P !!!
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]