[Catalog-sig] Mandatory Reset of PyPI Passwords
Richard Jones
richard at python.org
Fri Feb 15 22:08:41 CET 2013
On 15 February 2013 23:07, Vinay Sajip <vinay_sajip at yahoo.co.uk> wrote:
> Richard Jones <richard <at> python.org> writes:
>
>> Please change your passwords
>
> I've done this and it seems to have taken, but I noticed something odd. If I
> click on the "Clear Basic Auth" link, then if I type the new password into the
> login box which pops up, it never accepts the password. However, if I dismiss
> that login box, go back to the PyPI home page and click on the "Login" link, the
> login box *does* accept my new password. Could there be different code paths? I
> tried it a couple of times - yesterday, and again today. It could be me being a
> butterfingers, but I was trying to be careful when typing the password.
The only way to "log out" with Basic Auth is to have the server reject
an authentication attempt using it. So the Clear Basic Auth link
always rejects Basic Auth credentials, especially valid ones.
Richard
More information about the Catalog-SIG
mailing list