www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@hyperreal.org
Subject Re: os-windows/1651: Username/PW in htpasswd file not interpreted correctly
Date Tue, 20 Jan 1998 15:00:03 GMT
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]

Synopsis: Username/PW in htpasswd file not interpreted correctly

Comment-Added-By: coar
Comment-Added-When: Tue Jan 20 07:00:03 PST 1998
[Out-of-band comment made by another individual]:
marc wrote:
> Are you sure you had a blank line at the end of your
> passwd file?  It isn't necessary, but you do need to terminate
> the first line and that is the easiest way to make sure it happens...
> If you enter an empty password, the behaviour isn't defined.

Yes, you're right about that. However, this is not the essence of the

The right conclusion here is that the password matching *only* works for
passwords consisting of an empty string. In all other cases, the
matching fails with a "password mismatch" error as a result. In short,
password matching does not work even though the passwords are stored in
plain text.


Magnus Ingvarsson (mailto:magnusi@sisu.se)
Swedish Institute for Systems Development (SISU)

View raw message