[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apr-dev
Subject:    Password (getpass()) truncation issue on HP-UX in apr-0.9.18
From:       Rajesh K Chaurasia <rajeshkc () yahoo ! com>
Date:       2010-06-23 7:09:49
Message-ID: 871267.60487.qm () web38007 ! mail ! mud ! yahoo ! com
[Download RAW message or body]

Hello APR Developers:

I am using subversion client on HP-UX which has a dependency on apr, apr-util. The \
packages available for HP-UX porting and archiving center from 

http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/apr-0.9.18/

has password truncation issue on HP-UX (all versions, 11.11, 11.23, 11,31) on PA-RISC \
and IA64.

I could track the issue to HP-UX getpass() API which truncates the password at 8 \
characters. Unfortunately, apr configure scripts finds and uses getpass() HP-UX API. \
To resolve the issue I had to edit .../apr-0.9.18/passwd/apr_getpass.c to manually \
undefine HAVE_GETPASS and let apr internal getpass() function be used.

#if defined(__hpux) || defined(__hpux__)
  #undef HAVE_GETPASS
#endif

I checked the apr source tree up to 1.4.2 and the issue is present in all apr \
versions.

The recommended password reading API on HP-UX is getpasswd() defined in libsec. I \
would like to request apr developers to resolve the apr issue on HP-UX by either of \
following methods,

- On HP-UX, always use apr internal getpass() / apr_getpass().
- On HP-UX, configure should check for getpasswd() available in libsec library.

If this issue could be resolved in apr on HP-UX, we don't need users to make source \
change to apr to be able to use it on HP-UX with password lengths greater than 8 \
characters.

This is a critical issue being faced on HP-UX while using subversion client.

Regards
-Rajesh


      


[prev in list] [next in list] [prev in thread] [next in thread]