On Fri, 14 Jan 2005, Varun wrote:
> I am using squid with NSCA auth.
>
> I type my user name and password and
> add a extra letter or number to my password
> and it logs in.
>
> Why does it allow that ?
The good old "crypt" password hashing algorithm used by ncsa_auth and many
other Unix applications only looks at the first 8 characters.
ncsa_auth found in the Squid-3 snapshots also supports MD5 hashing where
there is no limit on the password length. this version of ncsa_auth works
just fine wiht Squid-2.5 as well.
Regards
Henrik
Received on Mon Jan 17 2005 - 03:06:25 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST