Re: passwords with strange characters doesn't work?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Eric Covener wrote:

On Thu, Sep 3, 2009 at 7:51 AM, Staffan Bergh<staffan.bergh@xxxxx> wrote:

Hi, I'm having a problem with authentication against our apache server.

Setup:
 apache 2.2.13 on windows XP sp3

in httpd.conf

<Location /test>
 AuthName "Test"
 AuthType Basic
 AuthUserFile C:/test/passwd
 Require valid-user
</Location>


In the passwd file, constructed with the apache htpasswd program on the
command line, is a user 'test'. With password 'testtestö' (note the last
character, it's a swedish o-with-umlaut) I get repeated queries for the
username/password

and in the error log

 [Thu Sep 03 10:28:16 2009] [error] [client 127.0.0.1] user test:
authentication failure for "/test": Password Mismatch


They have to match byte-for-byte, not just be the same characters in
their respective codepages.

In a terminal it's relatively easy, but guessing how different
browsers will read then decide what to put on the wire is hard.

LDAP is unique in that we always know the real passwords are UTF-8,
but we still can't do anything with a local codepage password
reliably. There is a controversial feature that tries to guess/convert
here: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapcharsetconfig

It essentially guesses things like Accept-Language: Y implies the
browser sent the basic auth credentials in local codepage X.




Thanks for the explanation. Tried AuthLDAPCharSetConfig, but that made no
difference to the svn client access (no surprise there ...).

I guess I'll simply have to resign myself to 7-bit ASCII for passwords ...

Cheers /staffan

Staffan Bergh
System developer, KI Biobank, Karolinska Institutet
e: staffan.bergh@xxxxx / p: +46 8 524 87152


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux