mod_auth-any/4206: password is checked successfully, but authentification fails

7 Apr 1999 11:20:03 -0000 

>Number:         4206
>Category:       mod_auth-any
>Synopsis:       password is checked successfully, but authentification fails
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Apr  7 04:20:01 PDT 1999
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.3.3.1
>Environment:
AIX V4.2.1
IBM HTTP Server V 1.3.3.1
Perl V5.00404
>Description:
When I executed following dbmmanage command, password added in password file
was successfully encrypted, but authentification failed.
    ./dbmmanage /user2 adduser kubota
And when I tried to access protected document from client browser, I got an
error message saying "No group file?".

UserID, Password
    UserID      kubota
    Password    1107

httpd.conf definition
    LoadModule dbm_auth_module /libexec/mod_auth_dbm.so

    <Directory /usr/lpp/HTTPServer/share/htdocs/manual>
        AuthType               Basic
        AuthName              "Protected Material"
        AuthDBMUserFile    /user2
        Require                  valid-user
    </Directory>
>How-To-Repeat:
Recreation steps
    1.Execute dbmmanage command
        ./dbmmanage /user2 adduser kubota
    2.Entere password twice at the prompt displayed
        1107
    3.Check the 'user2' file
        Password was successfully encrypted
    4.Access protected URL from client browser
        Couldn't retrieve document, and error message was written in error 
        log file as shown below
            configuration error: couldn't check access. No group file?: 
            manual/index.html

So I tried to edit group file, group2.pag, that contain only one line as shown 
below. (kubota is a user name, and test is a group name)

    kubotatest

And I wrote httpd.conf as follows.

    <Directory /usr/lpp/HTTPServer/share/htdocs/manual>
        AuthType               Basic
        AuthName              "Protected Material"
        AuthDBMUserFile    /user2
        AuthDBMUserFile    /group2
        Require                  valid-user
    </Directory>

But result was also same, and I got same error message saying "No group file?"
>Fix:
none
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]

Reply via email to