I brought a new server up yesterday using Red Hat 8's httpd-2.0.40-8 and
based on the patches and comments I found in the list archive all was
eventually well.  Today I updated various rpms on the box from the 
official Red Hat updates and how AuthDBI is no longer working.  I stuck 
various debugging statements in until I drilled down to the point of 
finding that crypt() seems to be the problem.  Running perl from the 
command line produces correct results:
        # perl -e 'print crypt("test","0y"),"\n"';
        0y5fZG4UG8Bd.

but when I add the logging statement into AuthDBI

         $r->log_reason("password='$password' passwd_to_check='$passwd_to_check' 
salt='$salt' accessing ", $r->uri);

between these lines:

        my $passwd_to_check = $Attr->{encrypted} eq 'on' ? crypt($passwd_sent, 
$password) : $passwd_sent; 
        # here in other words
        if ($passwd_to_check eq $password) {

the logs show:
        [Fri Jan 24 16:27:19 2003] [error] password='0y5fZG4UG8Bd.' 
passwd_to_check='0ypz5H80XtTxw' salt='0y' accessing /cgi/test

So why did upgrading httpd break crypt?!?

-- 
</chris>

"Never offend people with style when you can offend them with substance."
                - Sam Brown 

Reply via email to