Received: (qmail 46774 invoked by uid 65534); 6 Jan 2000 22:29:17 -0000 Message-Id: <20000106222917.46773.qmail@locus.apache.org> Date: 6 Jan 2000 22:29:17 -0000 From: Nakul Hoelz Reply-To: nakul@netron.com To: submit@bugz.apache.org Subject: Authentication has to happen twice X-Send-Pr-Version: 3.110 >Number: 5552 >Category: mod_auth-any >Synopsis: Authentication has to happen twice >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: feedback >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Jan 06 14:30:00 PST 2000 >Closed-Date: >Last-Modified: Wed Jun 07 12:53:30 PDT 2000 >Originator: nakul@netron.com >Release: 1.3.9 >Organization: >Environment: Server is running on Redhat 6.0. Client is Netscape 4.5/4.6 or 4.7 >Description: Module: mod_auth password files created with htpasswd Test case 1.) When Netscape authenticates access to a directory the username and password have to be entered twice before the server authenticates the username. IE5 in comparison to Netscape does not exhibit this problem. Test case 2.) With two useraccounts in the password file... entering the first one with the correct password, authentication fails. Entering the second pair of username and password directly thereafter creates an internal server error. >How-To-Repeat: Set up an environment as described above ... Redhat 6.0 Apache 1.3.9 use a simple authentication scheme with mod_auth and test with Netscape client >Fix: I believe the bug is in mod_auth.c or in one of the functions it calls. Probably in the first attempt to authenticate the username or password is not read properly into the variables that holds the username or password so that the authentication fails. On the second attempt the variables are both filled properly and the user can be authenticated. >Release-Note: >Audit-Trail: State-Changed-From-To: open-feedback State-Changed-By: coar State-Changed-When: Wed May 3 13:02:27 PDT 2000 State-Changed-Why: Please upgrade to 1.3.12 (or later) and let us know if this problem is still reproducible. Do you have any CGI scripts involved in the request you are making? Comment-Added-By: coar Comment-Added-When: Wed Jun 7 12:53:30 PDT 2000 Comment-Added: [This is a standard response.] This Apache problem report has not been updated recently. Please reply to this message if you have any additional information about this issue, or if you have answers to any questions that have been posed to you. If there are no outstanding questions, please consider this a request to try to reproduce the problem with the latest software release, if one has been made since last contact. If we don't hear from you, this report will be closed. If you have information to add, BE SURE to reply to this message and include the apbugs@Apache.Org address so it will be attached to the problem report! >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]