[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#245940: apache-ssl: htpasswd user not found



I have apache-ssl version 1.3.29.0.2-4
The only thing in README.debian about authentication is this.

* Authentication problems:
  Some users have experienced some authentication problems recently.
  We were able to spot the problem for apache installations that happened
  between version 1.3.28 and 1.3.28.0 due to a wrong default setup.
  For a mistake mod_auth_sys was enabled by default. Unfortunatly
  we cannot automatically remove the module since it would affect users
  that are actually using it.

* mod_auth_system needs www-data to be in the shadow group to work
  correctly. mod_auth_system itself is *BAD BAD BAD BAD* since it
  sends system passwords over http. use SSL encryption  if you have
  to do this, otherwise don't!

Is something missing in README.Debian? What can I do to correct this?

> On Thu, 13 May 2004, Randy Belk wrote:
>
>> Package: apache-ssl
>> Version: 1.3.29.0.2-4
>> Severity: important
>> Followup-For: Bug #245940
>>
>> After my stable upgrade to testing, .htpasswd's stopped working.
>> Apache (non-ssl) seems to work ok, but the SSL variant doesn't.
>>
>> The error.log shows:
>> [Thu May 13 16:02:17 2004] [error] [client XXX.XXX.XX.XXX] user  not
>> found: /~rbelk/private/
>>
>> Notice the two spaces after "user".
>>
>> Thanks,
>>
>> Randy Belk
>
> As you might have noticed the bug it self is not a bug but a document
> behaviour change from upstream. All relevant notes are alredy in
> README.Debian.
>
> Fabio
>
> --
> <user> fajita: step one
> <fajita> Whatever the problem, step one is always to look in the error
> log. <user> fajita: step two
> <fajita> When in danger or in doubt, step two is to scream and shout.


---------------------------------[ http://www.onlybsd.com/~rbelk/ ]--





Reply to: