NCSA Auth doesn't recognize usernames with capital letters

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

NCSA Auth doesn't recognize usernames with capital letters

Schokobecher
Hello,

I'm facing a really weird problem at the moment.
I'm using Squid 4.2 using the default Ubuntu compile options
(self-compiled) together with the NCSA Basic Auth helper and a passwd
file generated using "httpasswd -m".

If I add a user to it that starts with a capital letter (for example
"Bob") the auth always fails - until "Bob" becomes "bob" inside the
file, then the auth instantly works... and also for "Bob" since I use an
ACL like:

acl bob proxy_auth_regex -i bob

But the other way around is a no-go.

Did I miss something here?

Cheers,
Pierre

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: NCSA Auth doesn't recognize usernames with capital letters

Amos Jeffries
Administrator
On 28/11/18 10:28 am, Schokobecher wrote:

> Hello,
>
> I'm facing a really weird problem at the moment.
> I'm using Squid 4.2 using the default Ubuntu compile options
> (self-compiled) together with the NCSA Basic Auth helper and a passwd
> file generated using "httpasswd -m".
>
> If I add a user to it that starts with a capital letter (for example
> "Bob") the auth always fails - until "Bob" becomes "bob" inside the
> file, then the auth instantly works... and also for "Bob" since I use an
> ACL like:
>
> acl bob proxy_auth_regex -i bob
>
> But the other way around is a no-go.
>
> Did I miss something here?

Usernames are case sensitive. Your regex may accept insensitive values,
but the rest of the system is mandatory case sensitive.
 [ IME the systems doing UI tend to lower case inputs in order to avoid
security issues and headaches that come with with having two logins
"bob" and "Bob" for different users. ]

You can double-check what is going on with a cache.log trace from
"debug_options 11,2 28,8 29,9". The helper itself does not (yet) have
debug output unfortunately so if the issue is inside the OS crypt()
implementation it can be hard to see.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users