releases control to the next provider in the chain. this all leaves digest providers without a way to return 401 and stop the authentication chain. basic providers, however, can use AUTH_DENIED to accomplish this.
so, I'd like to support AUTH_DENIED from digest providers as well. this simple patch is all that is required.
No idea how a provider would figure out that AUTH_DENIED is appropriate when using digest auth (the account itself is disabled is the only thing I can think of right now). Yet, this still seems reasonable to handle - right now, we'd just return 500 rather than 401, so this seems fine by me: +1. -- justin
