httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoffrey Young <>
Subject returning AUTH_DENIED from a Digest provider
Date Mon, 05 Apr 2004 13:35:50 GMT
hi all

in 2.1 there is no supported API for a digest provider to deny a user
outright before a password match is tried.

digest providers are currently limited to AUTH_USER_NOT_FOUND or
AUTH_GENERAL_ERROR for errors.  recent changes in AUTH_GENERAL_ERROR make it
return 500 to match how Basic auth is handled, and AUTH_USER_NOT_FOUND
releases control to the next provider in the chain.  this all leaves digest
providers without a way to return 401 and stop the authentication chain.
basic providers, however, can use AUTH_DENIED to accomplish this.

so, I'd like to support AUTH_DENIED from digest providers as well.  this
simple patch is all that is required.


View raw message