On Fri, Apr 8, 2016 at 5:13 PM, Süleyman Kuran <skuran@ayk.gov.tr> wrote:
Hi there,
I am on Centos 7 httpd 2.4 mod_auth_radius 1.5.8 My virtual host file is as follows:
apache is not asking for username/password after 1 failed radius auth attempt. After 1 failed auth, Unauthorized page appears and if I refresh the page (F5) previous failed credentials are sent to the radius server without popping up a window asking for username/password. If login is OK the page is authorized. But if not, the user will have to wait for the popup window until the session is timed out.
if apache is configured for basic auth with htpasswd file. It asks for the password after failed login as expected.
It would be interesting to see the outputs of: # curl -v -k https://localhost/ # curl -v -k https://localhost/ -u bad_user:bad_pwd