Hiyas, I have a webserver running on OS X 10.3 Server. I have a passworded directory using '.htaccess'. I have two valid users, 'user' and 'user2k6' each with its own password. 'user2k6's password is 'currentpassword2k6'. But when i enter this page with my browser, it accepts any password when using 'user2k6' with 'currentpassword2*', where * is anything else, like a wild card. What's the cause for this?

'user' has no problem, but 'user2k6' passwords appears to be acting as if it had a wild card, but I am not aware of any wild card ability in htaccess passwords.

---------
My '.htaccess' files looks like this:
AuthType Basic
AuthName "admin"
AuthUserFile /rootdirectory/userfile
Require valid-user user user2k6

---------
My user password file looks like this:
user:encryptedpassword
user2k6:anotherencryptedpassword

---------
I created the passwords using the command:
"htpasswd -b userfile user2k6 currentpassword2k6"

I note that "currentpassword2" has 16 characters. What you describe is as if only the first 16 characters of the password are significant. I didn't notice anything about this in the 'htpasswd' man page, but I might have missed it, or maybe there's a bug?

from what I briefly read online, this seems to be an issue with Apache. I'd check the version you're running and possibly upgrade to the latest stable release. I'm not sure what version shipped with 10.3

yes, only the first 16 characters (In this example's case) mattered.

Currently it is the default packaged with OS 10.3 Server, Apache/1.3.33.

I'll try upgrading to a newer version of apache, but before that, could you direct me to the other sites that shows similar problems that I have? Thanks.

I googled for "htaccess password limit" and got these (http://www.google.com/search?q=htaccess+password+limit&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official) results.