Bug 1122287 - Basic authentication is tried before GSSAPI
Summary: Basic authentication is tried before GSSAPI
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-22 20:49 UTC by David Woodhouse
Modified: 2014-08-06 06:33 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-06 06:33:14 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Mozilla Foundation 650091 None None None Never
Mozilla Foundation 1042316 None None None Never

Description David Woodhouse 2014-07-22 20:49:06 UTC
I visit a web site which supports Basic, Negotiate and NTLM auth.:

With Firefox 30 I could authenticate by Negotiate or NTLM, I don't think it would ever try Basic. Certainly I never saw a password prompt, because Negotiate and NTLM authentication are all handled automatically (the latter with Samba's ntlm_auth helper).

Firefox 31 (firefox-31.0-1.fc20.x86_64) appears to be trying Basic auth before NTLM or even Negotiate. I get a password prompt; if I fill it in then I can see it trying Basic auth; if I hit cancel then it goes ahead and tries Negotiate like it should have done in the first place, which works.

This is broken; please don't ship this as an update in Fedora 20 until it's fixed.

Comment 1 David Woodhouse 2014-07-23 15:08:27 UTC
Apologies, this isn't a regression. It's just that the server randomises the order of its WWW-Authenticate: headers and it *happened* to give me Basic first when I was testing Firefox 31, and not when I was testing Firefox 30.

If I keep hitting 'reload', I see the same bug with Firefox 30 when the server sends Basic first.

So it's still a bug, but not a regresion.

Comment 2 Martin Stransky 2014-08-06 06:33:14 UTC
Thanks, let's track it upstream - https://bugzilla.mozilla.org/show_bug.cgi?id=650091


Note You need to log in before you can comment on or make changes to this bug.