cherokee / webserver

Cherokee Web Server
GNU General Public License v2.0

Multiple realms in one digest file with same user names lead to rejected authentication #882

Open danielniccoli opened 11 years ago

danielniccoli commented 11 years ago

Original author: shez...@gmail.com (October 13, 2011 08:50:53)

What steps will reproduce the problem?

  1. Create one htdigest file with two users, both named user, one in realm1, the other in realm2
  2. Create two vServers, that both use the same htdigest file for authentication, one for realm1, the other for realm2
  3. Try to access both servers

What is the expected output? What do you see instead?

Expected: Both vServers grant access to the user with the correct password.

Instead: One of the vServers rejects the user, even though all authentication information was transmitted. The rejected user is the one that is listed as the second in the htdigest file. I assume this is because the parsing of the htdigest file is not correct: instead of searching for the user:realm combination, only the username is searched for.

What version of the product are you using? On what operating system?

Cherokee Web Server 1.2.2 (Mar 23 2011) on Ubuntu 10.10

Please provide any additional information below.

Original issue: http://code.google.com/p/cherokee/issues/detail?id=1285
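The lookup behaviour the report describes, modelled in Python as an added illustration (this is not Cherokee's code, which is written in C, and it does not reproduce its parser). It assumes the standard htdigest line format `user:realm:HA1`, with HA1 = MD5("user:realm:password") in hex, and uses a constructed two-line file with the same user name in two realms. `check_user_only` stops at the first line whose user field matches and never compares the realm column, which is exactly the failure mode reported for the second entry; `check_user_and_realm` keys the parsed file on the (user, realm) pair and accepts both users.

```python
import hashlib
import hmac


def ha1(user: str, realm: str, password: str) -> str:
    """HA1 as htdigest stores it: hex MD5 of 'user:realm:password'."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


# Constructed sample htdigest file (not taken from the issue):
# one user name, two realms, two different passwords.
SAMPLE_HTDIGEST = "\n".join([
    "# comment lines and blank lines are ignored",
    "",
    f"user:realm1:{ha1('user', 'realm1', 'password-one')}",
    f"user:realm2:{ha1('user', 'realm2', 'password-two')}",
])


def _records(text: str):
    """Yield (user, realm, ha1) for every well-formed line.

    The user field cannot contain ':' in htdigest, so split once on the left
    for the user and once on the right for the hash; that keeps a realm that
    happens to contain ':' intact. Malformed lines are skipped, not fatal.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            user, rest = line.split(":", 1)
            realm, digest = rest.rsplit(":", 1)
        except ValueError:
            continue
        yield user, realm, digest.lower()


def parse_htdigest(text: str) -> dict:
    """Index the file by the (user, realm) pair, so one user name can
    legitimately appear once per realm."""
    return {(user, realm): digest for user, realm, digest in _records(text)}


def check_user_only(text: str, user: str, realm: str, password: str) -> bool:
    """Models the reported behaviour: the first line whose user field matches
    is used and the realm column is ignored. The stored HA1 then belongs to the
    first realm, so the second realm's user is rejected with the right password."""
    for stored_user, _realm_ignored, stored in _records(text):
        if stored_user == user:
            return hmac.compare_digest(stored, ha1(user, realm, password))
    return False


def check_user_and_realm(text: str, user: str, realm: str, password: str) -> bool:
    """Correct lookup: match on user AND realm, then compare HA1 in constant time."""
    stored = parse_htdigest(text).get((user, realm))
    if stored is None:
        return False
    return hmac.compare_digest(stored, ha1(user, realm, password))


if __name__ == "__main__":
    for realm, pw in (("realm1", "password-one"), ("realm2", "password-two")):
        print(realm,
              "user-only:", check_user_only(SAMPLE_HTDIGEST, "user", realm, pw),
              "user+realm:", check_user_and_realm(SAMPLE_HTDIGEST, "user", realm, pw))
```

Running the block prints that the user-only lookup accepts realm1 and rejects realm2, while the user+realm lookup accepts both; a wrong password or an unknown realm is rejected by the correct variant. A quick way to confirm a server is affected is the same test as the reporter's: keep one shared file, put the same user name under two realms, and authenticate against the realm listed second.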

danielniccoli commented 11 years ago

From shez...@gmail.com on October 13, 2011 08:51:51

Please note that a simple workaround exists: using two different htdigest files.