Welcome! Log In Create A New Profile

Advanced

Re: Authentication error or maybe it isn't? - no user/password was provided

Maxim Dounin
October 21, 2013 07:54AM
Hello!

On Sun, Oct 20, 2013 at 05:17:37PM -0400, B.R. wrote:

> It's something a lot of people are bumping on.
>
> 401 HTTP covers both failed and missing authentication but isn't possible
> for Nginx to differentiate those states and thus only generate an error
> message on a failed (ie not empty credentials, either user or password
> containing something) attempt?
> That would make the error log more efficient as parsing it would provide
> more directly failed attempt to access a particular resource.
>
> Is it the standard way of doing things or is it your own?
> Are there some use cases or reasons against differentiating 401 answers?

The difference is already here.

The message "no user/password was provided for basic
authentication", as in original message, means exactly that: there
are no credentials provided.

On failed authentication, the "user ...: password mismatch"
message is logged. On unknown user, the "user ... was not
found in ..." message is logged.

It might make sense to downgrade the "no user/password ..."
message severity. Not sure though.

--
Maxim Dounin
http://nginx.org/en/donation.html

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Authentication error or maybe it isn't? - no user/password was provided

dalmolin October 20, 2013 04:17PM

Re: Authentication error or maybe it isn't? - no user/password was provided

Francis Daly October 20, 2013 04:46PM

Re: Authentication error or maybe it isn't? - no user/password was provided

dalmolin October 21, 2013 02:40PM

Re: Authentication error or maybe it isn't? - no user/password was provided

Maxim Dounin October 20, 2013 04:52PM

Re: Authentication error or maybe it isn't? - no user/password was provided

B.R. October 20, 2013 05:20PM

Re: Authentication error or maybe it isn't? - no user/password was provided

Maxim Dounin October 21, 2013 07:54AM

Re: Authentication error or maybe it isn't? - no user/password was provided

B.R. October 21, 2013 10:18AM

Re: Authentication error or maybe it isn't? - no user/password was provided

Francis Daly October 21, 2013 10:36AM

Re: Authentication error or maybe it isn't? - no user/password was provided

B.R. October 21, 2013 10:52AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 68
Record Number of Users: 8 on December 15, 2016
Record Number of Guests: 386 on August 02, 2016
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready