LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 04-11-2012, 07:19 PM   #1
Rory_L
LQ Newbie
 
Registered: Mar 2012
Location: Southern California
Distribution: Ubuntu 10.4
Posts: 7

Rep: Reputation: Disabled
NCSA_Auth accepts any password as long as it begins with a valid password


Hi all,

I've noticed some odd behavior with my squid proxy server using authentication.

I'm using NCSA_Auth to do basic authentication and have a user/password set up (for example) as username=user, password=password.

The odd behavior noticed is that I can give it 'password1' or 'password12' as a password as well and it will accept and authenticate. It wont accept 'passwor' or 'pass' so it appears that if the first part of what enters matches the password, well, Bob's your uncle, you're in.

Has anyone encountered this with NCSA_Auth before? Is this considered normal?



Rory
 
Old 04-12-2012, 07:18 PM   #2
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 1,508

Rep: Reputation: 624Reputation: 624Reputation: 624Reputation: 624Reputation: 624Reputation: 624
That is almost certainly because you have hit the maximum length for a password, so only the first 8 characters matter. Try it with a shorter "good" password.
 
Old 04-12-2012, 07:21 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034Reputation: 2034
Have a read of this http://readlist.com/lists/squid-cach...ers/0/422.html, which is probably related to original Unix where the limit (before MD5) was 8 SIGNIFICANT chars for a passwd.
It would accept more during passwd creation, but only use 1st 8 chars for verification during login.
 
  


Reply

Tags
squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
accepts root password after many tries lilly47 Linux - Newbie 5 10-21-2011 05:24 PM
my sshd accepts root login without password oxident Linux - Newbie 8 07-21-2011 06:44 AM
FTP server that accepts any username and password Gethyn Linux - Server 2 03-11-2009 03:16 PM
kdesu no longer accepts root password google01103 Suse/Novell 8 01-10-2007 02:36 AM
Allowing SSH to accepts ANY Password mperkel Linux - Security 14 11-01-2005 11:42 AM


All times are GMT -5. The time now is 12:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration