Bug #2873
closedBasic Auth method not working
Description
Hi I am a newbie on lighttpd,
when I created some like this, I got this issue,
Lighttpd version 1.4.48 on arm core linux 3.14.18.
auth.debug = 2
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/lighttpd/.htdigest"
auth.require = ( "/config/" =>
(
"method" => "basic",
"realm" => "ByPassword",
"require" => "valid-user"
)
)
with this set-up, it couldn't reach host/config/ site, it kept popping up login page.
Anything I configured wrong?
Updated by gstrauss almost 7 years ago
- Category set to mod_auth
- Status changed from New to Invalid
- Target version deleted (
1.4.x)
Please do not file bugs to ask questions.
Read the doc Docs_ModAuth and post more specific questions in the forum after checking the lighttpd error log.
Updated by light_head almost 7 years ago
Sorry for the method I brought this issue.
I put some debugging codes into the mod_auth.c, what I found was, when the basic method password less than 6 characters, like "password:test", there would be extra character(s) after the real password and failed the password checking. (password doesn't match error, the password string would be test(xx), added two more bytes).
I traced back and found out that there were some modifications in base64.c, related changed base64_stanard_reverse_bable from "short" to "char". I revered the baser64.c back to version 1.4.39, this error went away.
Updated by avij almost 7 years ago
Is this related to ARM? On my x86_64 system basic auth works OK with all password lengths ranging from 1 to 20.
https://github.com/lighttpd/lighttpd1.4/commit/d4083effab0f9bf76528d5c47198b17e7471ed13 may be related. This fix is already in git head. Please test with that change.
Updated by avij almost 7 years ago
So this would probably be a duplicate of bug 2848.
Updated by gstrauss almost 7 years ago
- Status changed from Invalid to Duplicate
- Target version set to 1.4.49
thanks, avij
Updated by gstrauss almost 7 years ago
- Is duplicate of Bug #2848: buffer_append_base64_decode() broken on compilers where char is assumed unsigned added
Updated by light_head almost 7 years ago
Thanks, guys.
Just tested the patch of Bug#2848 worked.
It is a duplicates.
Also available in: Atom