shib2.load prevents webdav from reading .htpasswd file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apache2 (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
When I configure webdav in apache2 it works fine. ie. login to the secure directory from a web browser
When I install the following.....
apt-get install -y libapache2-
and it has enabled shib2.load within --/etc/
Once the details have been inputted into the web browser login box and then click the OK button it just reloads the login box.
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04 LTS
Release: 14.04
Codename: trusty
apachectl -V
Server version: Apache/2.4.7 (Ubuntu)
Server built: Apr 3 2014 12:20:28
Server's Module Magic Number: 20120211:27
Server loaded: APR 1.5.1-dev, APR-UTIL 1.5.3
Compiled using: APR 1.5.1-dev, APR-UTIL 1.5.3
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_
-D APR_USE_
-D SINGLE_
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_
-D DYNAMIC_
-D HTTPD_ROOT=
-D SUEXEC_
-D DEFAULT_
-D DEFAULT_
-D DEFAULT_
-D AP_TYPES_
-D SERVER_
as a note this setup worked fine in 12.04.
As an additional note - once shib2.load within --/etc/
Regards
Bernie
affects: | launchpad → apache2 (Ubuntu) |
description: | updated |
description: | updated |
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.