httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <>
Subject Re: returning AUTH_DENIED from a Digest provider
Date Mon, 05 Apr 2004 17:23:53 GMT
--On Monday, April 5, 2004 9:35 AM -0400 Geoffrey Young 
<> wrote:

> releases control to the next provider in the chain.  this all leaves digest
> providers without a way to return 401 and stop the authentication chain.
> basic providers, however, can use AUTH_DENIED to accomplish this.
> so, I'd like to support AUTH_DENIED from digest providers as well.  this
> simple patch is all that is required.

No idea how a provider would figure out that AUTH_DENIED is appropriate when 
using digest auth (the account itself is disabled is the only thing I can 
think of right now).  Yet, this still seems reasonable to handle - right now, 
we'd just return 500 rather than 401, so this seems fine by me: +1.  -- justin

View raw message