yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1238547] Re: differentiate between missing and non-enabled users

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1238547@xxxxxxxxxxxxxxxxxx>
Date: Fri, 11 Oct 2013 15:17:54 -0000
Reply-to: Bug 1238547 <1238547@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is by design, to avoid unnecessarily leaking security-related
details.

However, if debug is enabled, then error message should be specific
about what caused the 401 -- but it should still be a 401.

** Changed in: keystone
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1238547

Title:
  differentiate between missing and non-enabled users

Status in OpenStack Identity (Keystone):
  Won't Fix

Bug description:
  The current implementation returns HTTP error code 401 (Unauthorized)
  even when the user exists and the password is correct, but the actual
  user is disabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1238547/+subscriptions