You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/04/01 09:20:15 UTC

DO NOT REPLY [Bug 28117] New: - username for authentication is beeing wrongly escaped

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28117>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28117

username for authentication is beeing wrongly escaped

           Summary: username for authentication is beeing wrongly escaped
           Product: Apache httpd-2.0
           Version: 2.0-HEAD
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: mod_auth
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: goldt@solidmedia.de


If you have a user say Domain\username then a value of Domain\\username will be
passed to the underlying authentication module and so authentication doesn't
succeed.
This happens with every backslash given anywhere e.g. \username will be
translated to \\username.
The request_req *r contains the username in r->user and this is where the
authentication modules like mod_auth_ldap get the wrong username.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org