Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
frontend/webdav: disable fallback-to-anonymous by default
Motivation: The webdav and frontend doors have a feature where a request where a user failed to authenticate (e.g., wrong password, expired certificate, ...) is treated as an anonymous request (i.e., as if no authentication was provided). This has proved quite confusing for users, as they have no immediate feedback after entering the wrong password. Instead, they see requests succeeding if the anonymous user is authorised; for example, when making a directory listing. The problem only becomes apparent when they attempt an operation that an anonymous user is not allowed to do; for example, uploading a file. It is then not clear that this failure comes from their failed (but apparently successful) authentication. Modification: Set the default to false: disabling this feature. Result: By default, dCache will now fail requests where the user has failed to authenticate. Anonymous requests may be supported by dCache (depending on configuration) but these are only available if the client makes these requests withou supplying credentials. Target: master Requires-notes: no Requires-book: no Patch: https://rb.dcache.org/r/12120/ Acked-by: Albert Rossi Acked-by: Olufemi Adeyemi Acked-by: Lea Morschel
- Loading branch information