Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

option to 401 basic auth users to handle incorrect passwords #12

Open
stnoonan opened this issue Dec 13, 2013 · 7 comments
Open

option to 401 basic auth users to handle incorrect passwords #12

stnoonan opened this issue Dec 13, 2013 · 7 comments
Assignees
@stnoonan
Labels
enhancement

Comments

@stnoonan
Copy link
Owner

We use this plugin in a multi environment park and many users don't use SSO.
This change asks for password to users not in the SSO domain but don't ask again in case of mistake.
It's possible to add the two different behaviors with a new parameter for example ?

d335e08#commitcomment-4856316
@ghost ghost assigned stnoonan Dec 13, 2013
stnoonan referenced this issue Dec 13, 2013
@stnoonan
Return 403 when user is unauthorized
d335e08 
These changes disallow the continuous retries and provide for
significantly better behavior when used with Chrome

Fixes #9
@xiaods
Copy link

xiaods commented Aug 12, 2014

this patch is merged. why not close it?

@stnoonan
Copy link
Owner Author

There is no patch merged that fixes this. The current behavior does not prompt again when an incorrect password is provided, which is the behavior requested in the ticket.

@xiaods
Copy link

xiaods commented Aug 12, 2014

@stnoonan you mean changed from 403 to 401?

@stnoonan
Copy link
Owner Author

Yes, but only for basic auth. If we're properly doing negotiate, 403 is correct. If they're doing basic auth, they may have typed a password in wrong, so there should be at least one additional round of 401 responses.

@wells
Copy link

wells commented Dec 18, 2014

Looking forward to having this for those who don't do SPNEGO.

Will it continue asking after each failed attempt unless they give up/cancel?
What about after the first failure of basic? Is this fixing the 403 with no reattempt at auth on refresh?

Also, I found I had to specify my realm setting in order for basic to work (only tested Firefox so far).

@aperigault
Copy link

Hi!
I'm looking for update my nginx and again I see this issue open. Any news about a fix ? I use an older spnego-http-auth-nginx-module commit before d335e08 and I will be happy to use master branch :-).

@neptunao
Copy link

+1 this issue bother me too.

aperigault added a commit to aperigault/spnego-http-auth-nginx-module that referenced this issue Nov 23, 2017
@aperigault
Fix issue stnoonan#12
c0c417f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stnoonan stnoonan

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@xiaods @stnoonan @neptunao @wells @aperigault