[New-bugs-announce] [issue28291] urllib/urllib2 AbstractDigestAuthHandler locked to retried count of 5
secynic
report at bugs.python.org
Tue Sep 27 17:23:08 EDT 2016
New submission from secynic:
urllib/urllib2 AbstractDigestAuthHandler is hardcoded to 5 retries (self.retried). Normally this wouldn't be an issue.
Certain products link basic HTTP auth to Active Directory (yes, this shouldn't be a thing). When you have a failed login attempt lockout set on AD, this will lockout accounts on the very first failed Python basic auth attempt, if the AD lockout is set to 5 or less.
In my specific use case, I was able to override request.HTTPBasicAuthHandler.__init__() and request.HTTPBasicAuthHandler.reset_retry_count() by setting self.retried=5. One way to fix this would be to add a new retry_count argument to AbstractDigestAuthHandler.
I am a bit busy at the moment, but will submit a patch as soon as I get time.
----------
components: Library (Lib)
messages: 277549
nosy: secynic
priority: normal
severity: normal
status: open
title: urllib/urllib2 AbstractDigestAuthHandler locked to retried count of 5
type: enhancement
versions: Python 2.7, Python 3.3, Python 3.4, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28291>
_______________________________________
More information about the New-bugs-announce
mailing list