Hi folks,
I'm using httpd mod_authn_file for authenticating against a directory of my site, but I found I can pass the authentication with wrong password!
Here's the configuration:
Code:
<Directory /var/www/html/mysite/dir1>
AuthName "Need-password"
AuthType Basic
AuthUserFile /var/www/html/mysite/dir1/htpasswd.me
Require valid-user
Options +Indexes
AuthBasicProvider file
</Directory>
The module was loaded:
Code:
LoadModule authn_file_module modules/mod_authn_file.so
And I've set htpasswd.me with right permission:
Code:
[root@doxer_#1]# ls -l /var/www/html/mysite/dir1/htpasswd.me
-rw------- 1 apache apache 21 Jul 31 07:47 /var/www/html/mysite/dir1/htpasswd.me
I generated password using the right htpasswd -c /var/www/html/mysite/dir1/htpasswd.me username.
The sympotom is that:
- When I entered the wrong username, authentication will fail with right/wrong password;
- When I entered the right username, and the first several characters of the right password as password, authentication will pass!(this really puzzled me! For example, the right password was 'PassWord', but I found that 'PassWore' or 'PassWordExtra' would both pass!)
Can anyone shed some light on this? Thanks!
PS:Server version: Apache/2.2.3
.