Bug 1331453

Summary: Password not logged with Anonymous_LogEmail on
Product: Red Hat Enterprise Linux 6
Reporter: Martin Frodl <mfrodl>
Component: httpd
Assignee: Luboš Uhliarik <luhliari>
Status: CLOSED NOTABUG
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 6.7
CC: jorton, qe-baseos-apps
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1331022
Environment:
Last Closed: 2016-08-10 10:28:37 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Martin Frodl 2016-04-28 14:38:40 UTC
+++ This bug was initially created as a clone of Bug #1331022 +++

Description of problem:

In mod_authn_anon, the Anonymous_LogEmail directive controls password logging for anonymous users. When enabled (by default), the password entered should be logged in the error log [0]. In reality, the password is never logged.

Version-Release number of selected component (if applicable):
httpd-2.2.15-45.el6.x86_64

Steps to Reproduce:
# mkdir /var/www/html/private
# cat > /etc/httpd/conf.d/httpd.conf <<EOF
<Directory "/var/www/html/private">
    AuthName "Use 'anonymous' & Email address for guest entry"
    AuthType Basic
    AuthBasicProvider file anon
    AuthUserFile "conf/passwd"

    Anonymous_NoUserID off
    Anonymous_MustGiveEmail on
    Anonymous_VerifyEmail on
    Anonymous_LogEmail on
    Anonymous anonymous guest www test welcome

    Require valid-user
</Directory>
EOF
# htpasswd -c -b /etc/httpd/conf/passwd myuser mypassword
# service httpd start
# curl -v -u anonymous:anonymous http://localhost/private/

Actual results:
/var/log/httpd/error_log does not contain 'anonymous'

Expected results:
/var/log/httpd/error_log should contain 'anonymous'


[0] https://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html#anonymous_logemail