Opened 17 years ago
Closed 14 years ago
#1046 closed enhancement (wontfix)
htpasswd file doesn't work, if more than two fields exist
| Reported by: | Owned by: | John Hampton | |
|---|---|---|---|
| Priority: | normal | Component: | AccountManagerPlugin |
| Severity: | trivial | Keywords: | htpasswd file |
| Cc: | Thijs Triemstra | Trac Release: | 0.11 |
Description
while standard htpasswd files only have username:password it would be good to be able to add other fields to the htpasswd files (like Twiki does) separated by more ':'.. The current implementation reads the password till end of line instead of till next ':' - would be great to make it stop at next ':'
Attachments (1)
Change History (5)
comment:1 Changed 17 years ago by
| Severity: | normal → trivial |
|---|---|
| Type: | defect → enhancement |
Changed 17 years ago by
| Attachment: | 1046.patch added |
|---|
comment:2 follow-ups: 3 4 Changed 16 years ago by
| Owner: | changed from Matt Good to John Hampton |
|---|---|
| Trac Release: | 0.10 → 0.11 |
I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?
In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.
comment:3 Changed 15 years ago by
| Cc: | Thijs Triemstra added; anonymous removed |
|---|
Replying to pacopablo:
I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?
In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.
I was thinking the same, a htpasswd file should only contain a username and password.
comment:4 Changed 14 years ago by
| Keywords: | htpasswd file added |
|---|---|
| Resolution: | → wontfix |
| Status: | new → closed |
| Summary: | htpasswd file does not work when more than two fields exist → htpasswd file doesn't work, if more than two fields exist |
Replying to pacopablo:
I know that this is a bit of a late response, but my question is: Why is it a good idea to allow for arbitrary fields in the htpasswd file?
In the case of a password file containing digest and normal password hashes, this would cause a problem as it would take the "realm" portion of the digest line to be the password for the given user.
I looks unreasonable to me as well, to risk more issues in handling other valid files by implementing this.
As the reporter already has a solution for that special use case, even someone with similar demand could follow. Thanks for reporting, but we'll not include this into stock plugin code to prevent compatibility issues with htdigest files [1] as mentioned before.
[1] http://freebsdwiki.net/index.php/Apache,_Digest_Authentication
The patch that fixes the problem