Received: (qmail 67655 invoked by uid 65534); 27 Jan 2000 20:49:54 -0000 Message-Id: <20000127204954.67654.qmail@locus.apache.org> Date: 27 Jan 2000 20:49:54 -0000 From: Jason Matheson Reply-To: jason@calexis.com To: submit@bugz.apache.org Subject: .htpass does not work - password mismatch error X-Send-Pr-Version: 3.110 >Number: 5660 >Category: mod_auth-any >Synopsis: .htpass does not work - password mismatch error >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Jan 27 12:50:00 PST 2000 >Closed-Date: Wed May 03 13:08:36 PDT 2000 >Last-Modified: Wed May 03 13:08:36 PDT 2000 >Originator: jason@calexis.com >Release: 1.3.9 >Organization: >Environment: Free BSD 3.3_19991130 OS Compiled Apache using the built in 'ports' Makefile >Description: I am using the htpasswd program with the -c switch. I keep getting an Authentication Failure when trying to login to a page that is protected by .htaccess / .htpasswd. The Apache error logs indicate a password mismatch error: user Jason: authentication failure for "/home/": password mismatch The strange thing is that this .htpasswd file works fine on my old BSDi 2.0 machine - with an old 1.2.x version of Apache. I have checked newsgroups and searched this entire site but havn't found any answers. Thanks >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: coar State-Changed-When: Wed May 3 13:08:35 PDT 2000 State-Changed-Why: Different operating systems often use different algorithms for their crypt() routine. This means that .htpasswd files are commonly not transportable. If you add the '-m' flag to your htpasswd command, the passwords will be encrypted using a common MD5 algorithm that is built into Apache. Passwords that are encrypted this way will work on any system, and the files are portable. Release-Changed-From-To: Apache 1.3.9 Server-1.3.9 Release-Changed-By: coar Release-Changed-When: Wed May 3 13:08:35 PDT 2000 >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]