I brought a new server up yesterday using Red Hat 8's httpd-2.0.40-8 and
based on the patches and comments I found in the list archive all was
eventually well. Today I updated various rpms on the box from the
official Red Hat updates and how AuthDBI is no longer working. I stuck
various debugging statements in until I drilled down to the point of
finding that crypt() seems to be the problem. Running perl from the
command line produces correct results:
# perl -e 'print crypt("test","0y"),"\n"';
0y5fZG4UG8Bd.
but when I add the logging statement into AuthDBI
$r->log_reason("password='$password' passwd_to_check='$passwd_to_check'
salt='$salt' accessing ", $r->uri);
between these lines:
my $passwd_to_check = $Attr->{encrypted} eq 'on' ? crypt($passwd_sent,
$password) : $passwd_sent;
# here in other words
if ($passwd_to_check eq $password) {
the logs show:
[Fri Jan 24 16:27:19 2003] [error] password='0y5fZG4UG8Bd.'
passwd_to_check='0ypz5H80XtTxw' salt='0y' accessing /cgi/test
So why did upgrading httpd break crypt?!?
--
</chris>
"Never offend people with style when you can offend them with substance."
- Sam Brown
