Bug 33177

Summary: authenticate problem
Product: Apache httpd-1.3 Reporter: JinrongYe <helloyejr>
Component: Auth/AccessAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: CLOSED INVALID    
Severity: major    
Priority: P2    
Version: HEAD   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description JinrongYe 2005-01-20 11:15:38 UTC
when i configure my apache(version 1.3.27 and 1.3.33) for limiting someone to
access the special directory,my configure is:
    AuthType Basic
    AuthName darkness
    AuthUserFile /path/to/authdb
    require valid-user
and i create user "/path/to/apache/bin/htpasswd -c /path/to/authdb yejr",i enter
the password "yejrhome".but i can access the directory if i enter the password
that begin of "yejrhome",such as "yejrhomexx",i also can access it.
Comment 1 Joshua Slive 2005-01-20 18:12:29 UTC
This is a feature of the crypt library on your system: in only looks at the
first 8 characters of the password.  To avoid it, use the -m option to htpasswd
to create md5 passwords.
Comment 2 JinrongYe 2005-01-21 04:03:01 UTC
thanks much