Are there possible problems with long htaccess passwords or symbols in htaccess passwords?

Question

We have a directory we've protected using an .htaccess password. Both the username and password are long, complex, with various symbols.

I can log in from my machines (I've tried IE, Firefox, Chrome) without any difficulty. Some users however, can't log in, the login fails when they (attempt to) log in.

I've been searching the web for details of possible limitations on htaccess usernames/passwords, but not having much luck. I'd be especially interested in knowing if there are browser-version specific issues, that cause a given browser to choke on specific symbols or lengths.

I'm getting the impression from what I've found so far that crypt is used to encrypt the passwords, and some versions of crypt (presumably older?) can only handle lengths of 8 or 13?

score 1 · Answer 1 · answered Jan 14 '10 at 21:10

In my experience, when using Basic Auth only the first eight characters of the password matter. I.e. crypt truncates the password before doing its magic.

I think the limitations of Digest Auth are different, but I'd have to look them up to tell you.

That doesn't really help you with your problem though. Are these problem users able to log in if the usernames/passwords are typed by yourself, or if they're simplified to dictionary words? Might be related to a keymap difference.

Are there possible problems with long htaccess passwords or symbols in htaccess passwords?

1 Answers1