>Number: 5514 >Category: general >Synopsis: htpasswd encryption method with apache 1.3.x differs from >apache previous to 1.2 >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Dec 27 10:20:01 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.9 >Environment: BSD/OS corpweb1.jps.net 4.0.1 BSDI BSD/OS 4.0.1 Kernel #1: Sun Dec 19 12:54:06 PST 1999 [EMAIL PROTECTED]:/usr/src/sys/compile/LOCAL i386 >Description: Username/passwords within a htpasswd file from pre apache 1.2 are not compatible with apache 1.3.x. I have customers with approx. 80-100 usernames and passwords in their htpasswd files and all of them will have to be recreated by hand, except that we do not have a list of username/passwords within that file. >How-To-Repeat: Go to www.ufaa2.com, username/password is 'Steve Todd'/gundog. >Fix: Create a converter from pre apache 1.2 htpasswd files to apache 1.3 method. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
