Modify

Opened 10 years ago

Closed 6 years ago

#1046 closed enhancement (wontfix)

htpasswd file doesn't work, if more than two fields exist

Reported by: schwark@… Owned by: John Hampton
Priority: normal Component: AccountManagerPlugin
Severity: trivial Keywords: htpasswd file
Cc: Thijs Triemstra Trac Release: 0.11

Description

while standard htpasswd files only have username:password it would be good to be able to add other fields to the htpasswd files (like Twiki does) separated by more ':'.. The current implementation reads the password till end of line instead of till next ':' - would be great to make it stop at next ':'

Attachments (1)

1046.patch (569 bytes) - added by Sergei Luchko 10 years ago.
The patch that fixes the problem

Download all attachments as: .zip

Change History (5)

comment:1 Changed 10 years ago by anonymous

Severity: normaltrivial
Type: defectenhancement

Changed 10 years ago by Sergei Luchko

Attachment: 1046.patch added

The patch that fixes the problem

comment:2 Changed 8 years ago by John Hampton

Owner: changed from Matt Good to John Hampton
Trac Release: 0.100.11

I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?

In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.

comment:3 in reply to:  2 Changed 8 years ago by Thijs Triemstra

Cc: Thijs Triemstra added; anonymous removed

Replying to pacopablo:

I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?

In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.

I was thinking the same, a htpasswd file should only contain a username and password.

comment:4 in reply to:  2 Changed 6 years ago by Steffen Hoffmann

Keywords: htpasswd file added
Resolution: wontfix
Status: newclosed
Summary: htpasswd file does not work when more than two fields existhtpasswd file doesn't work, if more than two fields exist

Replying to pacopablo:

I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?

In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.

I looks unreasonable to me as well, to risk more issues in handling other valid files by implementing this.

As the reporter already has a solution for that special use case, even someone with similar demand could follow. Thanks for reporting, but we'll not include this into stock plugin code to prevent compatibility issues with htdigest files [1] as mentioned before.

[1] http://freebsdwiki.net/index.php/Apache,_Digest_Authentication

Modify Ticket

Action
as closed The owner will remain John Hampton.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.