when i configure my apache(version 1.3.27 and 1.3.33) for limiting someone to access the special directory,my configure is: AuthType Basic AuthName darkness AuthUserFile /path/to/authdb require valid-user and i create user "/path/to/apache/bin/htpasswd -c /path/to/authdb yejr",i enter the password "yejrhome".but i can access the directory if i enter the password that begin of "yejrhome",such as "yejrhomexx",i also can access it.
This is a feature of the crypt library on your system: in only looks at the first 8 characters of the password. To avoid it, use the -m option to htpasswd to create md5 passwords.
thanks much