Turns out htpasswd limits passwords to 8 characters in length by default prior to Apache HTTPd v2.2.18. I run CentOS 5 with HTTPd v2.2.3. I don’t rely on .htaccess password access for anything serious but I do use it as an https ‘front door’ for one of my addresses which does have its own properly secured password access. I’ve been running it like this for years and I was sure something funny was going on entering the username/password combo in there. I swore I was noticing incorrect passwords getting through. Today I decided to test it out thoroughly.
If you’ve longed for the days of Apache 1.3 when you could run virtualhosts as different users/groups, well mod_itk is for you and me.
Update 2011-06-04: As it turns out, I never ran this module for long. It does appear to operate as advertised but I found I no longer really had a need to run privilege-separated httpd processes. Still, I hope someone finds this information useful.
If you’ve longed for the days of Apache 1.3 when you could run virtualhosts as different users/groups, well mod_itk is for you and me. It’s based on prefork and the author claims its running on production boxes, so hopefully this will bring back the good ol’ days.
This page was very helpful in combination with the homepage for me.
I’ve patched my server and am running this domain and newsx.org using their own users. All the other virtualhosts are running with default privs.
I really hope this works out because I’ve been wanting it for a long time.