This is by design, to avoid unnecessarily leaking security-related
details.

However, if debug is enabled, then error message should be specific
about what caused the 401 -- but it should still be a 401.

** Changed in: keystone
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1238547

Title:
  differentiate between missing and non-enabled users

Status in OpenStack Identity (Keystone):
  Won't Fix

Bug description:
  The current implementation returns HTTP error code 401 (Unauthorized)
  even when the user exists and the password is correct, but the actual
  user is disabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1238547/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to