Received: (qmail 21073 invoked by uid 501); 14 Jul 2001 00:40:59 -0000 Message-Id: <20010714004059.21072.qmail@apache.org> Date: 14 Jul 2001 00:40:59 -0000 From: Milos Rackov Reply-To: milos.rackov@psideo.com To: submit@bugz.apache.org Subject: Only 2 first passwords accepted from htpasswd X-Send-Pr-Version: 3.110 >Number: 8026 >Category: mod_access >Synopsis: Only 2 first passwords accepted from htpasswd >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Jul 13 17:50:00 PDT 2001 >Closed-Date: Sun Jul 15 18:08:23 PDT 2001 >Last-Modified: Sun Jul 15 18:08:23 PDT 2001 >Originator: milos.rackov@psideo.com >Release: 1.3.6 >Organization: >Environment: Linux 2.2.14C10 #3 Wed Jun 21 15:05:10 JST 2000 i586 unknown Cobalt RaQ 3 >Description: I have tried to set up protected irectories in the httpd.conf file using: AuthType Basic AuthName " " AuthUserFile /name/of/non/accessable/dir/.passwdfile require valid-user Worked fine the first time, the second time, but the third time did not. When I have investigated deeper, it seems that now all directories I have protected are accessable by only first two users (one for the first dir, and the one for the second dir). I have created separate password files using htpasswd. I have restarted/reloaded the server. Even if I rename/delete the password files, still the same users have access to all dirs that are protected this way. Does Apache somehow cache these passwords? What can I do to flush this cache? >How-To-Repeat: >Fix: Upgrade of Apache is currently out of question on this machine. I was thinking even of rebooting the whole server to completlu flush the memory, but this is obviously kludge solution. >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: slive State-Changed-When: Sun Jul 15 18:08:23 PDT 2001 State-Changed-Why: I am sorry, but if, as I suspect, you are using the version of Apache distributed with the RAQ3/whatever, then we really can't help you. This version has been modified to authenticate from the system password file, and we know nothing about how this works or does not work. Sorry, but you'll have to contact whomever gave you this distribution of Apache (Cobalt/Sun/whomever). >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]