Skip to content
Commit 377047b6 authored by Wilfredo Sanchez's avatar Wilfredo Sanchez
Browse files

when asking the providers for authentication, the main loop should

not only  break, if access is granted. It should also break, if
access was *denied*  by one provider. To be safe, it has to break
also, if an error occured. So  the patch turns the condition around
and continues only, if the user was  not found.
I find it also weird, that if auth was denied (by password
usually), the  AuthBasicAuthoritative behaviour can override that
by "passing to lower  modules". The patch changes that behaviour,
too.

Justin notes:
I'm kind of on the fence about that.  I was originally thinking
optimistically, but yeah, it might make sense to do it
pessimistically.  If there's any error, bug out.

Submitted by:	Andre Malo <nd@perlig.de>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97801 13f79535-47bb-0310-9956-ffa450edef68
parent dda6b73e
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment