When an incorrect password is entered SWAT does not allow a second
chance to enter it correctly. It does not follow the http standard.
My colleague tells me :-
The 401 (unauthorized) response message is used by an origin server to
challenge the authorization of a user agent. This response must include
a WWW-Authenticate header field containing at least one challenge
applicable to the requested resource.
If the server does not wish to accept the credentials sent with a request,
it should return a 403 (forbidden) response.
It's the server that's broken. According to the first fragment, you
must send the WWW-Authenticate header with a 401, and it doesn't do
so in the case that you supply incorrect credentials.
*** Bug 793 has been marked as a duplicate of this bug. ***
I think this is fixed now. Please double check
the latest SAMBA_3_0 cvs.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.