[issue3209] http authentication issues incorrect password too many times and locks accounts
Dan LaMotte
bugs at mercurial.selenic.com
Tue Jan 17 09:48:56 CST 2012
New submission from Dan LaMotte <lamotte85 at gmail.com>:
To be complete, we are using Rhodecode, but I don't believe it's Rhodecode's
fault. We've configured Rhodecode to attach to the LDAP/AD server to
authenticate users. The LDAP/AD server allows 3 wrong password attempts
before locking the account. However, issuing one wrong password from the
command line ends up locking the account.
% hg incoming --debug -v
password:
using http://hostname.com/path/to/repo
http auth: user dlamotte, password not set
sending capabilities command
http authorization required
realm: LDAP authentication
user: dlamotte
http auth: user dlamotte, password **********
http auth: user dlamotte, password **********
http auth: user dlamotte, password **********
http auth: user dlamotte, password **********
http auth: user dlamotte, password **********
http auth: user dlamotte, password **********
abort: authorization failed
The repeated tries of 'http auth: ...' in the debug output makes me think
that it is retrying a bad password which is locking the account. While I
don't really believe it actually retried 6 times, it at least retries the
bad password 3 times to lock the account.
Locking accounts is _very_ annoying. I'd be happy to help in any way that I
can.
Thanks.
-Dan
----------
messages: 18653
nosy: dlamotte
priority: critical
status: unread
title: http authentication issues incorrect password too many times and locks accounts
____________________________________________________
Mercurial issue tracker <bugs at mercurial.selenic.com>
<http://mercurial.selenic.com/bts/issue3209>
____________________________________________________
More information about the Mercurial-devel
mailing list