Mailinglist Archive: opensuse-buildservice (332 mails)

[Jan Engelhardt <jengelh@xxxxxxxxxx>]

On Tuesday 2010-07-06 10:37, Thomas Schmidt wrote:
> >   The root cause of "osc ci" permission failure is caused by the double http 
> > request for the remote resource access:
> >     For the normal process with allow_anonymous disabled:
> >     1. osc client sends the normal request without authentication header, 
> > then server will give a 401 response with authentication requirement for 
> > real "API login".
> >     2. osc client sends the same request again with authentication header 
> > which includes the username and password, e.g.:
> >         "Authorization: Basic amZkaW5nOm1vYmxpbjEyMw==" 
> >
> >     Then when allow_anonymous is enabled with IP_ADDR:
> >     1. osc client sends the normal request without authentication header, it 
> > passed the anonymous access check since the api server has the same IP_ADDR 
> > as the webui server, it will login with _nobody_. 
>
> Maybe it would be a good idea if the osc client always sends the 
> authentication header by default?

I think so too, yes. That is what "most" other SCMs do.
-- 
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx