Hash: SHA1

Doruk Fisek wrote:
> Thu, 17 Jul 2008 15:07:18 -0700, Micah Cowan <[EMAIL PROTECTED]> :
>> Then, please provide the logs from both wget 1.10.2 and wget 1.11.4
>> (with --auth-no-challenge), with the --debug flag.
> I attached the logs you requested.

It looks like --auth-no-challenge works when --user/--password or
- --http-user/--http-password is used; but not when the user/pass
information is passed directly via the URL. You can use
- --auth-no-challenge together with either of those option pairs as a

- --auth-no-challenge was intended to make wget 1.11.x behave like 1.10.2
with regard to authentication (that is, broken and insecure). It's
generally a bad idea to send authentication credits before the server
tells Wget what sort of authentication scheme should be used (it may
offer more secure alternatives to the "basic" mechanism). However, in
situations where the server uses forms-based authentication for
interactive communication, some servers accept authentication if
offered, but will not issue the challenge if it's not, instead expecting
users to authenticate through the forms; situations like that are why
- --auth-no-challenge was introduced.

I'll file a report for this issue; but if this is the only thing that
crops up, I probably won't roll a new 1.11.x maintenance release just
for that, so it'll have to wait until 1.12.

- --
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer,
and GNU Wget Project Maintainer.
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Reply via email to