[Dapper][Apache2] mod_auth_digest segfaults if user not in required group
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Apache2 Web Server |
In Progress
|
Critical
|
|||
| apache2 (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: apache2
Apache segfaults if a user is not in a required group (it works if you use AuthType Basic)
So here is my setup
Directory which is protected
/var/www/download
.htaccess
Options +Indexes
AuthType Digest
AuthName "Download Bereich"
AuthDigestFile /etc/apache2/
AuthDigestGroupFile /etc/apache2/
AuthDigestDomain /download/
Require valid-user # Also fiddled around with Require group download, same result
Directory which contains additional access level
/var/www/
.htaccess
Require group test
As soon if a user is not in the group "test" apache segfaults and you just get a white blank screen if you accessing the parent directory with the browser (/var/www/download)
-rw-r--r-- 1 www-data root 50 2007-09-27 05:18 /etc/apache2/
download: testuser
test: anotheruser
When I use the same files just with AuthType Basic, it works like expected, it also works if the the user *IS* in the group which is required
NOTE:
As the Version used in Dapper has no debugging symbols, nor is a -dbg version available I cannot provide a backtrace
| Mathias Gug (mathiaz) wrote | #1 |
| Changed in apache2: | |
| importance: | Undecided → Low |
| status: | New → Incomplete |
| Changed in apache2: | |
| status: | Unknown → In Progress |
| Carsten Menke (carsten-menke) wrote | #2 |
| Changed in apache2 (Ubuntu): | |
| status: | Incomplete → Triaged |
| Changed in apache2: | |
| importance: | Unknown → Critical |
Thank you for taking the time to report this bug and helping to make Ubuntu better.
Thanks for posting a detailed test case. Could you specify how to create/generate the htdigest file ?