[prev in list] [next in list] [prev in thread] [next in thread]
List: apr-dev
Subject: Password (getpass()) truncation issue on HP-UX in apr-0.9.18
From: Rajesh K Chaurasia <rajeshkc () yahoo ! com>
Date: 2010-06-23 7:09:49
Message-ID: 871267.60487.qm () web38007 ! mail ! mud ! yahoo ! com
[Download RAW message or body]
Hello APR Developers:
I am using subversion client on HP-UX which has a dependency on apr, apr-util. The \
packages available for HP-UX porting and archiving center from
http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/apr-0.9.18/
has password truncation issue on HP-UX (all versions, 11.11, 11.23, 11,31) on PA-RISC \
and IA64.
I could track the issue to HP-UX getpass() API which truncates the password at 8 \
characters. Unfortunately, apr configure scripts finds and uses getpass() HP-UX API. \
To resolve the issue I had to edit .../apr-0.9.18/passwd/apr_getpass.c to manually \
undefine HAVE_GETPASS and let apr internal getpass() function be used.
#if defined(__hpux) || defined(__hpux__)
#undef HAVE_GETPASS
#endif
I checked the apr source tree up to 1.4.2 and the issue is present in all apr \
versions.
The recommended password reading API on HP-UX is getpasswd() defined in libsec. I \
would like to request apr developers to resolve the apr issue on HP-UX by either of \
following methods,
- On HP-UX, always use apr internal getpass() / apr_getpass().
- On HP-UX, configure should check for getpasswd() available in libsec library.
If this issue could be resolved in apr on HP-UX, we don't need users to make source \
change to apr to be able to use it on HP-UX with password lengths greater than 8 \
characters.
This is a critical issue being faced on HP-UX while using subversion client.
Regards
-Rajesh
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic