[Webcalendar] Disappearing passwords
Maorong Zou
mzou a t math.utexas.edu
Tue, 26 Oct 2004 11:40:29 -0500
Matt Brodeur writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This list seems pretty quiet, but I suppose it's the best place to
> ask.
>
> I recently installed WebCalendar 2.9.0 on a White Box 3.0 system
> running Apache HTTPd 2.0.46 and Perl 5.8.3. Any time I change a
> calendar's password (from the Options page) a blank password field is
> written to the passwd file. Because of this, any password will be
> accepted as valid for that account. This is happening with all
> calendars on the system.
> I have tried starting with an empty password file, pre-populating
> with the "pswd" program, and switching between mod_perl and straight
> CGI. I tested the password routine (webcalAuth::ChangeUserPassword)
> by hand, and it works as expected. The webcalConfig.pm file looks
> sane, and I added "'authbackend' => 'default'", without any benefit.
>
> Has anyone else seen this behavior? Any ideas?
>
This is a bad bug. There is a misplaced "}" in
sub CryptPlainPassword
in webcalAuth_default.pm that fails to generate
a salt for the crypt routine.
It is fixed now. You can get the new webcalAuth_default.pm
from the CVS repository.
http://cvs.math.utexas.edu/cgi-bin/cvsweb.cgi/?cvsroot=webCal
May thanks for pointing it out.
Best,
Maorong Zou
> - --
> Matt Brodeur RHCE
> MBrodeur a t NextTime.com http://www.NextTime.com
>
> If you're right 90% of the time, why quibble about the remaining 3%?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
>
> iD8DBQFBfmwfc8/WFSz+GKMRAoEFAKCTcuNGIKkiRXFwJH00YfQdJsu7EwCgghRj
> MNy2Csdqg/NjDJW4M5jEdsI=
> =tybi
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Webcalendar mailing list
> Webcalendar a t www.math.utexas.edu
> http://www.math.utexas.edu/mailman/listinfo/webcalendar