https://bz.apache.org/bugzilla/show_bug.cgi?id=68376
Bug ID: 68376
Summary: Feature: case-insensitive username match
Product: Apache httpd-2
Version: 2.4.37
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_authz_user
Assignee: bugs@httpd.apache.org
Reporter: e...@membled.com
Target Milestone: ---
In some environments the user name is case insensitive. So joe could enter JOE
at the authentication dialogue box, and his usual password, and authentication
will succeed. But authorization might then fail if the Apache config has
'require user joe'.
Obviously you can work around it with 'require user Joe JOE Joe', but it gets
hard to cover all combinations of case. All three user names are considered
equal by Microsoft Active Directory.
As well as 'require user', mod_authz_user should allow 'require
user-ignore-case' or some similarly named directive which does a
case-insensitive comparison against the list of allowed user names.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
