From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1a) Gecko/20020610 Description of problem: The basic authentication code is broken in the htdig-3.2.0b4-011302 version of htdig included in 7.3 (and currently available as a security update for other versions). Version-Release number of selected component (if applicable): htdig-web-3.2.0-2.011302 htdig-3.2.0-2.011302 How reproducible: Always Steps to Reproduce: 1.Set up a website with basic authentication. 2.Add an authorization: <username>:<password> line to htdig.conf 3.Run rundig. Actual Results: rundig (actually htdig) doesn't dig the protected pages. Expected Results: rundig to load and index the protected pages. Additional info: I found this problem described at: http://www.geocrawler.com/archives/3/8822/2002/1/150/7586782/ Excerpted: I did some more digging on the issue of broken basic auth in the htdig-3.2.0b4-011302 snapshot. > According to Roman Maeder: > > > Well, what would you consider a recent code change? Or more specifically, > > > what was the last version that you had running on your system? The HTTP > > > > the one installed and known to work is htdig-3.2.0b4-111801. > > I didn't test authentication with htdig-3.2.0b4-122301, because it > > had other problems. > > Well, that's strange. I looked through the recent changes to > htnet/HtHTTP.cc since late November, and I don't see anything there that > would break basic authentication. The only thing even remotely related > to it would be the addition of "const" keywords on lines 919 and 934 of > that file (the SetCredentials method), but I don't see what harm that > would cause. looks like this change broke it after all, because it was not done in the base class as well, so the method was no longer overridden, but a different one was defined, but the inherited one was used.
Created attachment 68404 [details] pretested patch for authentication problem
This was fixed in the htdig CVS source repository on Jan 18, 2002.
I'm one of the ht://Dig developers. We get a lot of complaints about this problem on the htdig-general mailing list. Even though the bug existed only for a week in the CVS code tree, it's been "immortalized" by Red Hat. That's the problem with basing a standard package on a pre-release snapshot of a beta version. We still recommend to users that they stick to the 3.1.6 stable release of ht://Dig, unless they really need the features of the 3.2 betas (like phrase searching). However, if Red Hat really would prefer to stick with a beta that's still under development, I'd recommend grabbing the upcoming Aug. 11, 2002 snapshot, which fixes quite a few problems in addition to the one with basic authentication. By the way, this problem isn't just in 7.3, but also the update rpms of htdig for 7.2 and 7.1, also based on the buggy 011302 snapshot.
I've updated our htdig packages to the latest snapshot of 20021103. If you could give it a shot and verify that it fixes the problem i'd greately appreciate it. Read ya, Phil
No response in over 1 year, assume this bug to be closed. Read ya, Phil