Justin Erenkrantz wrote:
> --On Monday, April 5, 2004 9:35 AM -0400 Geoffrey Young
> <[EMAIL PROTECTED]> wrote:
>
>> releases control to the next provider in the chain. this all leaves digest
>> providers without a way to return 401 and stop the authentication chain.
>> basic providers, however, can use AUTH_DENIED to accomplish this.
>>
>> so, I'd like to support AUTH_DENIED from digest providers as well. this
>> simple patch is all that is required.
>
> No idea how a provider would figure out that AUTH_DENIED is appropriate
> when using digest auth (the account itself is disabled is the only thing
> I can think of right now).

well, the idea I had in mind was that you might want to insert a provider that denies auth merely based on the username or realm, maybe query a blacklist or something. I realize you could also do this by simply removing the user from your auth credential mechanism, but if you have a chain of providers you might want to quit early rather than run through them all.

> Yet, this still seems reasonable to handle -
> right now, we'd just return 500 rather than 401, so this seems fine by
> me: +1. -- justin

will do. thanks :)

--Geoff
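
The chain behaviour discussed in this thread, as an added stand-alone model; it is not httpd's code and not the patch under discussion. The status names follow the AUTH_* values; the two providers, `digest_lookup`, the `honor_denied` switch and the user names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model only: status names follow the AUTH_* values discussed in the thread. */
typedef enum { AUTH_DENIED, AUTH_USER_FOUND, AUTH_USER_NOT_FOUND, AUTH_GENERAL_ERROR } authn_status;
typedef authn_status (*realm_hash_fn)(const char *user, const char *realm, const char **hash);

int providers_consulted; /* how far down the chain the last lookup went */

/* Hypothetical provider: denies listed users outright, otherwise passes. */
static authn_status blacklist_provider(const char *user, const char *realm, const char **hash) {
    (void)realm; (void)hash;
    return strcmp(user, "mallory") == 0 ? AUTH_DENIED : AUTH_USER_NOT_FOUND;
}

/* Hypothetical credential store with two constructed users. */
static authn_status file_provider(const char *user, const char *realm, const char **hash) {
    (void)realm;
    if (strcmp(user, "alice") != 0 && strcmp(user, "mallory") != 0) return AUTH_USER_NOT_FOUND;
    *hash = "constructed-ha1-placeholder";
    return AUTH_USER_FOUND;
}

static const realm_hash_fn chain[] = { blacklist_provider, file_provider };

/* Returns the HTTP status the model produces; 0 means "hash found, verify the digest". */
int digest_lookup(const char *user, const char *realm, int honor_denied) {
    authn_status st = AUTH_USER_NOT_FOUND;
    const char *hash = NULL;
    providers_consulted = 0;
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++) {
        providers_consulted++;
        st = chain[i](user, realm, &hash);
        if (st != AUTH_USER_NOT_FOUND) break;  /* only "not found" releases control */
    }
    if (st == AUTH_USER_FOUND) return 0;
    if (st == AUTH_USER_NOT_FOUND) return 401;
    if (st == AUTH_DENIED && honor_denied) return 401;  /* behaviour proposed in the thread */
    return 500;                                         /* behaviour described as current */
}

int main(void) {
    printf("denied user, AUTH_DENIED honoured: %d\n", digest_lookup("mallory", "example", 1));
    printf("denied user, AUTH_DENIED not honoured: %d\n", digest_lookup("mallory", "example", 0));
    return 0;
}
```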
