Justin Erenkrantz wrote:
> --On Monday, April 5, 2004 9:35 AM -0400 Geoffrey Young
> <[EMAIL PROTECTED]> wrote:
>
>> releases control to the next provider in the chain. this all leaves
>> digest
>> providers without a way to return 401 and stop the authentication chain.
>> basic providers, howe
--On Monday, April 5, 2004 9:35 AM -0400 Geoffrey Young
<[EMAIL PROTECTED]> wrote:
releases control to the next provider in the chain. this all leaves digest
providers without a way to return 401 and stop the authentication chain.
basic providers, however, can use AUTH_DENIED to accomplish this.
hi all
in 2.1 there is no supported API for a digest provider to deny a user
outright before a password match is tried.
digest providers are currently limited to AUTH_USER_NOT_FOUND or
AUTH_GENERAL_ERROR for errors. recent changes in AUTH_GENERAL_ERROR make it
return 500 to match how Basic auth
