On Fri, 14 Jan 2005, Varun wrote:
I am using squid with NSCA auth.
I type my user name and password and add a extra letter or number to my password and it logs in.
Why does it allow that ?
The good old "crypt" password hashing algorithm used by ncsa_auth and many other Unix applications only looks at the first 8 characters.
ncsa_auth found in the Squid-3 snapshots also supports MD5 hashing where there is no limit on the password length. this version of ncsa_auth works just fine wiht Squid-2.5 as well.
Regards Henrik
