Bug 629 - SWAT handles incorrect password wrongly
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: SWAT
Version: 3.0.0
Hardware: Other other
Importance: P3 normal
Assigned To: John H Terpstra
Duplicates: 793
Reported: 2003-10-15 05:17 UTC by Geoff Gibbs
Modified: 2005-08-24 10:19 UTC (History)
Description Geoff Gibbs 2003-10-15 05:17:27 UTC
When an incorrect password is entered SWAT does not allow a second
chance to enter it correctly. It does not follow the HTTP standard.
My colleague tells me :-

http://www.w3.org/Protocols/HTTP/1.0/spec.html#AA

The 401 (unauthorized) response message is used by an origin server to
challenge the authorization of a user agent. This response must include
a WWW-Authenticate header field containing at least one challenge
applicable to the requested resource.

...

If the server does not wish to accept the credentials sent with a request,
it should return a 403 (forbidden) response.


It's the server that's broken. According to the first fragment, you
must send the WWW-Authenticate header with a 401, and it doesn't do
so in the case that you supply incorrect credentials.
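
A check for the behaviour reported above, as an added example that is not part of the original report or of Samba's code: it parses a raw HTTP response and flags a 401 that lacks a WWW-Authenticate challenge. The sample responses, the realm value and the function names are constructed for illustration.

```python
# Added example: flag 401 responses that omit the WWW-Authenticate challenge.

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)          # e.g. "HTTP/1.0 401 Unauthorized"
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:   # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return int(parts[1]), headers


def check_auth_challenge(raw: bytes) -> str:
    """Return 'ok', 'not-401', or a description of the violation."""
    status, headers = parse_response(raw)
    if status != 401:
        return "not-401"
    # Header names are case-insensitive and the header may appear more than once.
    challenges = [v for n, v in headers if n == "www-authenticate"]
    if not challenges:
        return "401 without WWW-Authenticate"
    if not any(v.split() for v in challenges):
        return "401 with empty WWW-Authenticate"
    return "ok"


# Constructed sample responses (not captured from SWAT).
FIRST_VISIT = (b"HTTP/1.0 401 Unauthorized\r\n"
               b'WWW-Authenticate: Basic realm="example"\r\n'
               b"Content-Type: text/html\r\n\r\n<h1>Login required</h1>")
# Mirrors the reported behaviour: a 401 after a wrong password, with no challenge.
BAD_PASSWORD = (b"HTTP/1.0 401 Unauthorized\r\n"
                b"Content-Type: text/html\r\n\r\n<h1>Bad password</h1>")
FORBIDDEN = b"HTTP/1.0 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("first visit", FIRST_VISIT),
                      ("bad password", BAD_PASSWORD),
                      ("forbidden", FORBIDDEN)]:
        print(name, "->", check_auth_challenge(raw))
```
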
Comment 1 Gerald (Jerry) Carter 2003-11-21 22:13:39 UTC
*** Bug 793 has been marked as a duplicate of this bug. ***
Comment 2 Gerald (Jerry) Carter 2003-11-21 22:14:49 UTC
I think this is fixed now.  Please double check 
the latest SAMBA_3_0 cvs.
Comment 3 Gerald (Jerry) Carter 2005-08-24 10:19:04 UTC
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.