This file is indexed.

/usr/share/weblogin/generic/templates/login.tmpl is in webauth-weblogin 4.7.0-6build2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <http-equiv="pragma" content="no-cache">
    <title>WebAuth Login</title>
  </head>

  [% IF notdefined %]
<!--
This is the template for the WebAuth login page.  This page is called from
login.fcgi script on the weblogin server.  It displays a form asking the
user for username and password.  Variables used:

error                  : some error occurred
err_missinginput       : one of username or password missing
err_username           : no username error
err_password           : no password error
err_loginfailed        : username and password were incorrect
err_forced             : web site requires username/password login
err_rejected           : username not permitted to authenticate
RT                     : Response Token
ST                     : Service Token
username               : the username
login_cancel           : a cancel URL was specified
cancel_url             : the specified cancel URL
show_remuser           : show a button for REMOTE_USER authentication
remuser_failed         : REMOTE_USER authentication was tried and failed
remuser_url            : where to send the user for REMOTE_USER auth

You may customize this file however you wish for your site.

The authors hereby relinquish any claim to any copyright that they may
have in this work, whether granted under contract or by operation of law
or international treaty, and hereby commit to the public, at large, that
they shall not, at any time in the future, seek to enforce any copyright
in this work against any person or entity, or prevent any person or
entity from copying, publishing, distributing or creating derivative
works of this work.
-->
  [% END %]

  <body onload="document.login.username.focus();">
    <h1 align="center">WebAuth Login</h1>
    [% IF error %]
      <div class="error" align="center">
        <p><strong>
          [% IF err_missinginput %]
            <!-- This is just the combination of err_username and
                 err_password if you want only one error message.  We
                 don't use it. -->
          [% END %]
          [% IF err_username && err_password %]
            <!-- Error: no username or password submitted. -->
            Error: Enter your username and password.
          [% ELSIF err_username %]
            <!-- Error: no username submitted. -->
            Error: Enter your username.
          [% ELSIF err_password %]
            <!-- Error: no password submitted. -->
            Error: Enter your password.
          [% END %]

          [% IF err_loginfailed %]
            <!-- Error: login failed. -->
            Error: You entered an incorrect username or password (or both).
          [% END %]

          [% IF err_rejected %]
            <!-- Error: user principal rejected. -->
            Error: That username may not authenticate to this service.
          [% END %]

          [% IF err_forced %]
            <!-- Not really an error, forced login. -->
            This web site requires that you log in with username and
            password.
          [% END %]
        </strong></p>
        <p>Click <a href="/help.html">help</a> for assistance.</p>
      </div>
    [% END %]

    [% IF remuser_failed %]
      <div class="error" align="center">
        <p><strong>Error: Apache authentication was tried and
        failed.</strong></p>
      </div>
    [% END %]

    <div class="loginbox" align="center">
      <table border="1" width="70%">
        <tr>
          <td><img alt="Login" src="/images/login.png"
                   width="160" height="160"/></td>
          <td>
            <div class="loginform">
              <form name="login"
                    action="[% script_name FILTER html %]"
                    method="post" autocomplete="OFF"
                    enctype="application/x-www-form-urlencoded">
                <input type="hidden" name="rm" value="index">
                <input type="hidden" name="RT"
                       value="[% RT FILTER html %]">
                <input type="hidden" name="ST"
                       value="[% ST FILTER html %]">
                <input type="hidden" name="login" value="yes">
                <table>
                  <tr>
                    <td><strong>Username:</strong></td>
                    <td><input name="username" type="text"
                               value="[% username FILTER html %]"
                               size="18"><br/></td>
                  </tr>
                  <tr>
                    <td><strong>Password:</strong></td>
                    <td><input name="password" type="password" size="18"></td>
                  </tr>
[% IF notdefined %]
<!--
One may allow the user to set an authorization identity during login.  It
will be rejected if not allowed for this site.  However, since an
authorization identity is normally rare rather than common, prompting
during every login is usually not appropriate.  Instead, it's handled by
the code in the confirm template that allows the user to change
authorization identities if appropriate.

                  <tr>
                    <td><strong>Identity:</strong></td>
                    <td><input name="authz_subject" type="text" size="18"></td>
                  </tr>
-->
[% END %]
                  <tr>
                    <td colspan="2" align="right">
[% IF remember_login %]
  [% IF remember_login == 'yes' %]
                      <input type="checkbox" name="remember_login" value="yes"
                             checked="checked">
  [% ELSE %]
                      <input type="checkbox" name="remember_login" value="yes">
  [% END %]
[% ELSE %]
                      <input type="checkbox" name="remember_login" value="yes"
                             checked="checked">
[% END %]
                      I use this machine regularly.
                    </td>
                  </tr>
                  <tr>
                    <td colspan="2" align="right">
                      <input type="submit" name="Submit" value="Login">
                    </td>
                  </tr>
                </table>
              </form>
            </div>
            <div class="loginlinks">
              <a href="/help.html">help</a>
              [% IF login_cancel %]
                <!-- The WebAuth Server has a cancel url.-->
                <a href="[% cancel_url FILTER html %]">cancel</a>
              [% END %]
            </div>
          </td>
        </tr>
      </table>
    </div>

    [% IF show_remuser %]
      <div class="remuserbox" align="center">
        <table border="1" width="70%">
          <tr>
              <td>
                Or skip entering your username and password.  Instead,
                log in using your computer login information via
                Apache authentication:
              </td>
              <td>
                <form action="[% remuser_url FILTER html %]"
                      method="get">
                  <input type="hidden" name="rm" value="index">
                  <input type="hidden" name="RT"
                         value="[% RT FILTER html %]">
                  <input type="hidden" name="ST"
                         value="[% ST FILTER html %]">
                  <input type="submit" name="Submit" value="remuser">
                </form>
              </td>
            </tr>
        </table>
      </div>
    [% END %]

    <div class="trailer">
      <h2>Caution:</h2>

      <p>Never enter your WebAuth username and password on a web page
      unless the page is a page directly served by the WebAuth login
      server.</p>
    </div>
  </body>
</html>