On Tuesday 2010-07-06 10:37, Thomas Schmidt wrote:
The "osc ci" permission failure is caused by the double HTTP request for
the remote resource access:
For the normal process with allow_anonymous disabled:
1. The osc client sends the normal request without an authentication header; the server
then gives a 401 response with an authentication requirement for the real "API login".
2. The osc client sends the same request again with an authentication header which includes
the username and password, e.g.:
"Authorization: Basic amZkaW5nOm1vYmxpbjEyMw=="
Then, when allow_anonymous is enabled with IP_ADDR:
1. The osc client sends the normal request without an authentication header. It passes the
anonymous access check, since the API server has the same IP_ADDR as the webui server, so it
will log in with _nobody_.
Maybe it would be a good idea if the osc client always sends the authentication header by
I think so too, yes. That is what "most" other SCMs do.
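The behaviour discussed in this thread, modelled as an added Python example (not code from osc or the Build Service): a client that waits for a 401 before sending credentials is never challenged once anonymous access matches, so it ends up as `_nobody_`, while a client that always sends the header keeps its identity. The server model, `api_server`, `client`, `WEBUI_IP` and the account are assumptions made for illustration.

```python
import base64

NOBODY = "_nobody_"                     # anonymous identity named in the thread
USERS = {"alice": "constructed-pass"}   # constructed sample account
WEBUI_IP = "192.0.2.10"                 # constructed stand-in for IP_ADDR


def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def api_server(headers, client_ip, allow_anonymous=False):
    """Simplified, assumed model of the API: returns (status, effective_user)."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
        except ValueError:              # malformed base64 or non-UTF-8 bytes
            return 401, None
        return (200, user) if USERS.get(user) == password else (401, None)
    if allow_anonymous and client_ip == WEBUI_IP:   # no credentials were sent
        return 200, NOBODY
    return 401, None                    # challenge, the client retries with auth


def client(server, user, password, preemptive):
    """Challenge-driven client (as in the thread) or one that always sends auth."""
    headers = {"Authorization": basic_header(user, password)} if preemptive else {}
    status, who = server(headers)
    sent = 1
    if status == 401 and not preemptive:
        headers["Authorization"] = basic_header(user, password)
        status, who = server(headers)
        sent += 1
    return status, who, sent


def scenarios():
    strict = lambda h: api_server(h, WEBUI_IP)
    anon = lambda h: api_server(h, WEBUI_IP, allow_anonymous=True)
    return {
        "anonymous off, challenge-driven": client(strict, "alice", "constructed-pass", False),
        "anonymous on, challenge-driven": client(anon, "alice", "constructed-pass", False),
        "anonymous on, auth always sent": client(anon, "alice", "constructed-pass", True),
    }


if __name__ == "__main__":
    print(scenarios())
```

Each result is `(status, effective_user, requests_sent)`; a 200 status alone does not show which identity the server applied, so the effective user is the value to check.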