[JDEV] Returning a different response code for non-existent users
stpeter at jabber.org
Tue Oct 9 11:07:32 CDT 2001
>From the perspective of the server, in both cases (unknown username,
incorrect password) you have provided incorrect authentication
information, so you are unauthorized. Within the server (i.e., authreg.c
vs. mod_auth_*.c), these errors could generate some different text but
right now they don't. You'd need to modify those files and then modify the
client you're using to show those errors according, because right now both
types of error return <error code='401'>Unauthorized</error>.
On Tue, 9 Oct 2001, Miguel A.L. Paraz wrote:
> Sorry for the cross-post between jadmin and jdev - I'm not sure if this is
> an admin thing that can be fixed using configuration, or if it needs coding,
> which I'm willing to do.
> Right now, a 401/unauthorized error is returned if a user does not exist.
> This is the same as if the password is incorrect.
> I would like to know how can it be setup that a different 4xx error is
> returned for nonexistent users.
> The reason why:
> I already have pre-existing dialup users in a RADIUS database.
> I already have the contributed mod_auth_radius running.
> I want the client to try logging in automatically using the
> dialup username/password. If the server gives an error that the user is not
> yet defined, then the client will register automatically.
> With the current setup, the client cannot tell if the 401 is due to
> the user not existing, or an incorrect password.
> I was trying to trace through the code, and found that it is not the mod_auth_*
> module that returns the 401 if the user does not exist. From the debug
> output, I could not easily tell which does the 401. I'd like to change the
> error to the "Not Registered" error or something relevant.
> Hints please? Thanks.
> jdev mailing list
> jdev at jabber.org
More information about the JDev