Date: Sun, 25 Feb 2001 00:07:47 +0900 (JST) From: sakukawa@bsdlab.net To: FreeBSD-gnats-submit@freebsd.org Subject: ports/25342: saint: user authentication fails in remote mode(-r) Message-ID: <200102241507.f1OF7lj84603@ns.bsdlab.net>
next in thread | raw e-mail | index | archive | help
>Number: 25342
>Category: ports
>Synopsis: saint: user authentication fails in remote mode(-r)
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 24 07:10:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Tsuyoshi Sakukawa
>Release: FreeBSD 3.5-RELEASE i386
>Organization:
>Environment:
FreeBSD ns.bsdlab.net 3.5-RELEASE FreeBSD 3.5-RELEASE #2: Sat Dec 23 20:25:23 JST 2000
jyotaro@ns.bsdlab.net:/usr/src/sys/compile/asuka i386
>Description:
If saint uses in remote mode(-r option),
user authentication(HTTP Basic Authentication) is always fail.
>How-To-Repeat:
1. Install saint from ports.(ports/security/saint)
2. Run saint in remote mode.
$PREFIX/saint/saint -r -h `allow host`
3. set "admin" and "saint" password.
4. Access to saint from remote machine.
5. User authentication is always fail though using above password.
>Fix:
--- html/auth/saint_auth_action.pl.orig Sat Feb 24 23:55:43 2001
+++ html/auth/saint_auth_action.pl Sat Feb 24 23:55:50 2001
@@ -15,7 +15,7 @@
if (/^$username:/) {
$login_flag = 1;
($junk, $encr, $userid, $junk1) = split (/:/, $_, 4);
- $salt = substr($encr, 0, 2);
+ $salt = substr($encr, 3, 4);
if (crypt($password, $salt) eq $encr) {
$authenticated{$peer} = $userid;
$login_flag = 2;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102241507.f1OF7lj84603>