You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/02/08 10:19:46 UTC
DO NOT REPLY [Bug 46672] New: Insufficient documentation for
mod_authn_dbd: password format
https://issues.apache.org/bugzilla/show_bug.cgi?id=46672
Summary: Insufficient documentation for mod_authn_dbd: password
format
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
AssignedTo: bugs@httpd.apache.org
ReportedBy: 2005@kuarepoti-dju.net
mod_authn_dbd calls apr_password_validate() which seems to assume an
MD5-encoded password, using the '$1$SaltMd5' notation known from the
MD5-enabled crypt. Neither plain-text passwords nor PostgreSQL's md5() function
seem to be accepted.
Proposed fixes:
- the documentation should make it clear in which format the passwords must be
stored in the database
- the module should throw a more detailed error when it finds out that the
password is not in MD5 format, or even better introduce an option for plain,
crypt, md5 etc. passwords
In addition, the documentation could mention that there are database-specific
authentication modules like http://www.giuseppetanzilli.it/mod_auth_pgsql2/
which are not related, for the convenience of the unexperienced user.
Otherwise, configuration madness ensues :)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46672] Insufficient documentation for
mod_authn_dbd: password format
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46672
--- Comment #1 from Nick Kew <ni...@webthing.com> 2009-02-08 02:30:28 PST ---
This is the same for all the authn providers: you generate passwords according
to whether you're using mod_auth_basic or mod_auth_digest. But perhaps the
documentation of this and other authn modules should be more explicit.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 46672] Insufficient documentation for
mod_authn_dbd: password format
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46672
Rich Bowen <rb...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|bugs@httpd.apache.org |docs@httpd.apache.org
--- Comment #2 from Rich Bowen <rb...@apache.org> 2010-10-29 11:07:18 EDT ---
Moving docs bugs to docs@httpd.a.o ownership.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org