PDA

View Full Version : htaccess and password problem - wild cards?


XSoul
03-20-2006, 02:17 PM
Hiyas, I have a webserver running on OS X 10.3 Server. I have a passworded directory using '.htaccess'. I have two valid users, 'user' and 'user2k6' each with its own password. 'user2k6's password is 'currentpassword2k6'. But when i enter this page with my browser, it accepts any password when using 'user2k6' with 'currentpassword2*', where * is anything else, like a wild card. What's the cause for this?

'user' has no problem, but 'user2k6' passwords appears to be acting as if it had a wild card, but I am not aware of any wild card ability in htaccess passwords.

---------
My '.htaccess' files looks like this:
AuthType Basic
AuthName "admin"
AuthUserFile /rootdirectory/userfile
Require valid-user user user2k6

---------
My user password file looks like this:
user:encryptedpassword
user2k6:anotherencryptedpassword

---------
I created the passwords using the command:
"htpasswd -b userfile user2k6 currentpassword2k6"

hayne
03-20-2006, 02:51 PM
I note that "currentpassword2" has 16 characters. What you describe is as if only the first 16 characters of the password are significant. I didn't notice anything about this in the 'htpasswd' man page, but I might have missed it, or maybe there's a bug?

fat elvis
03-20-2006, 03:03 PM
from what I briefly read online, this seems to be an issue with Apache. I'd check the version you're running and possibly upgrade to the latest stable release. I'm not sure what version shipped with 10.3

XSoul
03-20-2006, 03:53 PM
yes, only the first 16 characters (In this example's case) mattered.

Currently it is the default packaged with OS 10.3 Server, Apache/1.3.33.

I'll try upgrading to a newer version of apache, but before that, could you direct me to the other sites that shows similar problems that I have? Thanks.

fat elvis
03-20-2006, 04:13 PM
I googled for "htaccess password limit" and got these (http://www.google.com/search?q=htaccess+password+limit&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official) results.