Bug 1122287 - Basic authentication is tried before GSSAPI
Summary: Basic authentication is tried before GSSAPI
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 20
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-22 20:49 UTC by David Woodhouse
Modified: 2014-08-06 06:33 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-08-06 06:33:14 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Mozilla Foundation 650091 None None None Never
Mozilla Foundation 1042316 None None None Never

Description David Woodhouse 2014-07-22 20:49:06 UTC
I visit a web site which supports Basic, Negotiate and NTLM auth.:

With Firefox 30 I could authenticate by Negotiate or NTLM, I don't think it would ever try Basic. Certainly I never saw a password prompt, because Negotiate and NTLM authentication are all handled automatically (the latter with Samba's ntlm_auth helper).

Firefox 31 (firefox-31.0-1.fc20.x86_64) appears to be trying Basic auth before NTLM or even Negotiate. I get a password prompt; if I fill it in then I can see it trying Basic auth; if I hit cancel then it goes ahead and tries Negotiate like it should have done in the first place, which works.

This is broken; please don't ship this as an update in Fedora 20 until it's fixed.

Comment 1 David Woodhouse 2014-07-23 15:08:27 UTC
Apologies, this isn't a regression. It's just that the server randomises the order of its WWW-Authenticate: headers and it *happened* to give me Basic first when I was testing Firefox 31, and not when I was testing Firefox 30.

If I keep hitting 'reload', I see the same bug with Firefox 30 when the server sends Basic first.

So it's still a bug, but not a regresion.

Comment 2 Martin Stransky 2014-08-06 06:33:14 UTC
Thanks, let's track it upstream - https://bugzilla.mozilla.org/show_bug.cgi?id=650091

Note You need to log in before you can comment on or make changes to this bug.