On Tue, Sep 17, 2002 at 11:01:49AM +0200, Thomas Beutin wrote:
> On Fri, Sep 13, 2002 at 01:21:57PM -0700, Joey M wrote:
> > Hey,
> >
> > I've set up mod_auth_pgsql several times successfully, but for some reason I
> > keep getting a "password mismatch" error on my latest install when I try to
> > log in to my protected site.
> >
> > I'm running postgresql 7.2.2, apache 1.3.26 on FreeBSD 4.6.2. The version of
> > mod_auth_pgsql I built into apache is 0.9.12.
> >
> > This is what my schema and current data look like:
> >
> > CREATE TABLE users (
> > username CHAR(25) PRIMARY KEY,
> > password CHAR(25) NOT NULL
> > );
> Are You using MD5 or crypt? I'm using crypt and had to change the
> size of the "password" field to char(13) to get this working.
Not surprising considering that char() is space padded. So when selecting
the password it's returned the result of crypt() plus 12 spaces. No match.
Using "text" or "varchar" would probably work better.
> But in general IMHO there is a problem in password comparsion in
> mod_auth_pgsql (trailing whitspace - maybe i'm wrong):
> "abc" != "abc "
Passwords are allowed to spaces in them.
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> There are 10 kinds of people in the world, those that can do binary
> arithmetic and those that can't.