Received: (qmail 1147 invoked from network); 26 Mar 1999 14:49:17 -0000
Message-Id: <85256740.0051BE4B.00@pismtpmta01.putnaminv.com>
Date: Fri, 26 Mar 1999 09:45:38 -0500
From: Stephen_Baumgartner@putnaminv.com
To: xm@geekmafia.dynip.com, apbugs@hyperreal.org
Cc: apbugs@apache.org
Subject: http authentication has broken from 1.3.4

>Number:         4147
>Category:       pending
>Synopsis:       http authentication has broken from 1.3.4
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          closed
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Mar 26 06:50:01 PST 1999
>Last-Modified:  Tue Apr 20 12:21:40 PDT 1999
>Originator:     
>Organization:
>Release:        
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: dgaudet
State-Changed-When: Tue Apr 20 12:21:40 PDT 1999
State-Changed-Why:
misfiled
>Unformatted:
Looking at the source, it appears that the developers got part way through
conversion to a BSD replacement for crypt() but then punted on WIN32.  The
new file ap_md5c.c (not present in 1.3.4) is hard wired at line 603 to
reject all passwords in WIN32.  The changes notes ought to have pointed
this out.

Steve Baumgartner