On Wed, 10 Feb 2010 00:12:29 +0000, Jenny Lee <bodycare_5@xxxxxxxx> wrote: > Hmm, this mailing list seems to ignore me. > > auth_param basic casesensitive on > > as per: http://bugs.squid-cache.org/show_bug.cgi?id=431 > > fixed the problem for usernames in capitals. > > However, devising a solution for ncsa_auth to accept user/pass > case-insensitively still remains. > > Anyone with a similiar requirement and/or solution? The problem is that most security systems use hashes at some point. NCSA secure storage of the password data being the bit where you hit it. At that point the exact binary values of each character matter a *lot*. Changing the case of a single character will generate a completely different hash to compare against the one stored. You seem to be trying to fix a user problem by technical means. If you make all passwords lower case, somebody will still insist on pressing shift at some point to capitalize their pets name or something. Amos
