[1738] in WWW Security List Archive
Re: User Auth. -Reply
daemon@ATHENA.MIT.EDU (Nathan Neulinger)
Wed Mar 27 16:38:25 1996
Date: Wed, 27 Mar 1996 11:42:32 -0600
To: "Seth I. Rich" <seth@hygnet.com>, Baber_Amin@novell.com (Baber Amin)
From: nneul@umr.edu (Nathan Neulinger)
Cc: swcheung@hkimd.cig.mot.com, seth@hygnet.com, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I think I tried this, but it doesn't seem to work... I seem to recally
coming to the conclusion that netscape only flushes a password if a
successful one replaces it... It doesn't flush on a failure.
-- Nathan
At 11:26 AM 3/27/96, Seth I. Rich wrote:
>> Can I send a failed authentication responce to the browser after the
>>browser has been using
>> the authenticated session for a while and now wishes to logout.
>> Baber
>> :)
>
>My guess is `yes, you can'. Make a CGI script within the protected
>domain which returns a code to the browser indicating that the protection
>failed. I think the minimal case of such a document would look something
>like this:
>
>| HTTP/1.0 401 Unauthorized
>| Date: Tue, 12 Mar 1996 00:15:14 GMT
>| Content-type: text/html
>| WWW-Authenticate: Basic realm="ByPassword"
>|
>| <HTML><HEAD><TITLE>Authorization Required</TITLE></HEAD>
>| <BODY><H1>Authorization Required</H1>
>| Browser not authentication-capable or
>| authentication failed.
>| </BODY></HTML>
>
>I don't know what the browser will do when it gets that response, though.
>I usually try things before advising other people, but I haven't tried
>this. There's probably a way you can do this and not have it look awful,
>though.
>
>Seth
>---------------------------------------------------------------------------
>Seth I. Rich - seth@hygnet.com - (610) 859-0100
>Systems Administrator / Webmaster, HYGNet My words are my own; please
>Rabbits on walls, no problem. don't blame my employer!
------------------------------------------------------------
Nathan Neulinger Univ. of Missouri - Rolla
EMail: nneul@umr.edu Computing Services
WWW: http://www.umr.edu/~nneul SysAdmin: rollanet.org
