On Wed, Dec 01, 2004 at 09:36:32AM -0500, Jeff Trawick wrote: > HP-UX apparently has no other function than getpass(), and it silently > truncates after 8 characters. There are Apache httpd and Subversion > users grappling with this limit. (It caused a some puzzlement for me > with cvs too, but APR won't help that ;) ) > > The hint from Joe is to set ac_cv_func_getpass=no before running > configure. A nicer way would be to add a configure option such as > --enable-apr-getpass. But why not avoid the system getpass() by > default? Is maintaining compatibility with limitations of other > applications on the same system preferable to breaking compatibility > with the same application used on different systems with different > native capabilities?
Using the getpass replacement iff PASS_MAX is defined and "small" would sound sensible? The terminal handling of the APR getpass doesn't look as good as my nearest libc w.r.t. handling control characters though if that were fixed I guess it would be fine to use it on all platforms with POSIX termios support. But the trade-off is also against backwards-compatibility of APR, right? Use of long passwords could "break" when upgrading to a new version of APR with this fixed, since they would stop being truncated, although the workaround is obviously simple. I think I'd agree that compatibility of applications across platforms would be of more value than any of the other compatibilities, in any case! joe
