On HP-UX B.11.23 ia64, apr 1.2.7 decides to use getpass(). This causes problems when we use subversion, because our password system allows the password to be longer than 8 characters. Thus, users with passwords longer than 8 cannot use the subversion password prompt. I've removed the check for getpass() in the configure script, forcing apr to use its internal implementation, and this seems to work for us. Of course, you will probably want to allow a better way of handling this that what I've come up with. This seems to be related to Bug 14701 which seems to be closed before Version 1.2.7 (but perhaps I'm not reading this right), which is why I opened this report. Here is a quote from the hpux getpass() man: getpass() reads up to a newline or EOF from the file /dev/tty, after prompting on the standard error output with the null-terminated string prompt and disabling echoing. A pointer is returned to a null- terminated string of at most 8 characters.
Created attachment 18719 [details] don't use system getpass() if PASS_MAX is too small It was fixed only really for Solaris which will use getpassphrase() instead; I guess HP-UX doesn't have that. Does this patch work?
The following returns nothing, so I'm mistified where PASS_MAX is set: cd httpd-2.2.3 find . -type f | xargs grep PASS_MAX
Is PASS_MAX supposed to be defined by some system header? Or does it just not exist on hpux?
Thanks for the clue Garrett ... it is here on HP-UX B.11.23 ia64: /usr/include/limits.h:# define PASS_MAX 8
I guess my only other concern is what is the 'correct' max length that ought to be supported? We came upon this issue because we authenticate against an ldap server for subversion. I'm guessing that a password to do this kind of bind/authentication could easily be up to 128 characters (perhaps more), and if the password prompt doesn't permit this, authentication fails. A quick look at Solaris 10 shows a MAX_PASS of 256 [I suppose this is for getpassphrase(), which is not available on HP-UX B.11.23 ia64].
I believe the default for our internal implementation is 256, for what it's worth.
Committed to trunk: http://svn.apache.org/viewvc?view=rev&rev=454774