https://bz.apache.org/bugzilla/show_bug.cgi?id=59708
--- Comment #4 from Ben <b...@zvan.net> --- Thanks for this fix. I'd like to ask one more technical question about it: Are the wrapped realms authenticated before the lockout or is the lockout checked before attempting real authentication? Example: <Lockout realm> <LDAP realm/> </Lockout realm> If I try to authenticate but I'm in lockout, is LDAP triggered? It looks like the answer is probably "yes" because of the 401 Unauthorized response, which usually indicates authentication was successful. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
