On 16.04.07 13:27, Francesco P. Lovergine wrote: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255 > > After a few checks I established that apparently the > SQLAuthType pushes a plain-text authentication which > is also used by the successive mod_auth_unix layer, instead > of a crypted one (which should be the default). > In order to replicate, it suffices to use a system account like > 'proftpd' or 'www-data' and use a password like '!' (at least on > Debian) I suspect the same for other platforms too, with a bit > different modalities.
AFAIK, using "!" or "*" for "encrypted" passwords is just and only a convention for indicating of disabled/locked accounts. The real meaning is, that crypt() function will never produce any of those passwords, so there is no password you can encrypt to get "!" or "*". if you use "!" or "*" as plaintext passwords, OF COURSE you can log in using "!" or "*". So, the problem comes out of misunderstanding in using "special" passwords and using plaintext passwords where encrypted passwords should be used. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
