When an incorrect password is entered SWAT does not allow a second chance to enter it correctly. It does not follow the http standard. My colleague tells me :- http://www.w3.org/Protocols/HTTP/1.0/spec.html#AA The 401 (unauthorized) response message is used by an origin server to challenge the authorization of a user agent. This response must include a WWW-Authenticate header field containing at least one challenge applicable to the requested resource. ... If the server does not wish to accept the credentials sent with a request, it should return a 403 (forbidden) response. It's the server that's broken. According to the first fragment, you must send the WWW-Authenticate header with a 401, and it doesn't do so in the case that you supply incorrect credentials.
*** Bug 793 has been marked as a duplicate of this bug. ***
I think this is fixed now. Please double check the latest SAMBA_3_0 cvs.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.