Modify

Opened 8 years ago

Closed 4 years ago

#1046 closed enhancement (wontfix)

htpasswd file doesn't work, if more than two fields exist

Reported by: schwark@… Owned by: pacopablo
Priority: normal Component: AccountManagerPlugin
Severity: trivial Keywords: htpasswd file
Cc: thijs Trac Release: 0.11

Description

while standard htpasswd files only have username:password it would be good to be able to add other fields to the htpasswd files (like Twiki does) separated by more ':'.. The current implementation reads the password till end of line instead of till next ':' - would be great to make it stop at next ':'

Attachments (1)

1046.patch (569 bytes) - added by luchko@… 7 years ago.
The patch that fixes the problem

Download all attachments as: .zip

Change History (5)

comment:1 Changed 8 years ago by anonymous

  • Severity changed from normal to trivial
  • Type changed from defect to enhancement

Changed 7 years ago by luchko@…

The patch that fixes the problem

comment:2 follow-ups: Changed 6 years ago by pacopablo

  • Owner changed from mgood to pacopablo
  • Trac Release changed from 0.10 to 0.11

I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?

In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.

comment:3 in reply to: ↑ 2 Changed 5 years ago by thijs

  • Cc thijs added; anonymous removed

Replying to pacopablo:

I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?

In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.

I was thinking the same, a htpasswd file should only contain a username and password.

comment:4 in reply to: ↑ 2 Changed 4 years ago by hasienda

  • Keywords htpasswd file added
  • Resolution set to wontfix
  • Status changed from new to closed
  • Summary changed from htpasswd file does not work when more than two fields exist to htpasswd file doesn't work, if more than two fields exist

Replying to pacopablo:

I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?

In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.

I looks unreasonable to me as well, to risk more issues in handling other valid files by implementing this.

As the reporter already has a solution for that special use case, even someone with similar demand could follow. Thanks for reporting, but we'll not include this into stock plugin code to prevent compatibility issues with htdigest files [1] as mentioned before.

[1] http://freebsdwiki.net/index.php/Apache,_Digest_Authentication

Add Comment

Modify Ticket

Action
as closed The owner will remain pacopablo.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.