On Sun, 6 May 2001, Emiliano wrote:
> Paul Gillingwater wrote:
>
> > One problem that's still bugging us however is with 1.4beta5a:
> >
> > (Apache/1.3.12 (Unix) mod_auth_pam/1.0a Midgard/1.4-beta5a/SG
> > PHP/3.0.16+Midgard/1.4-beta5a/SG )
> >
> > The problem is with authentication. When we press ENTER with the Basic
> > Authentication pop-up box containing an empty user name, Midgard will grant
> > access to the restricted site without argument -- yet if we type in a bad user
> > name or password combination, it will restrict access as expected.
>
> I remember something like this. I can't immediately find it in the CVS
> logs but I thought that was a while ago -- well before 1.4b5a.
>
> I can't reproduce this with 1.4.1 though.
I recall 1.4b5e being released to fix this particular bug. But I may well
be wrong in the minor release letter.
> No, it was mod_midgard. It accepted any valid logon, and since
> 'anonymous' was a valif return value for the authenticater... ahem. If
> it's the same problem we're seeing, of course.
>
Cheers,
--
'The joy of my life is in Zion - Lauryn Hill'
Armand A. Verstappen * <[EMAIL PROTECTED]> *
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
