https://bugs.kde.org/show_bug.cgi?id=462182
Bug ID: 462182
Summary: HTTP access retries immediately and indefinitely when
received proxy authentication required (407)
Classification: I don't know
Product: kde
Version: unspecified
Platform: Other
OS: Linux
Status: REPORTED
Severity: major
Priority: NOR
Component: general
Assignee: unassigned-b...@kde.org
Reporter: luizl...@gmail.com
Target Milestone: ---
Some KDE apps/services like geolocation (location.services.mozilla.org) and
discovery does not deal with HTTP Code 407 correctly. They simply retries on
and on the same connection immediately after it gets 407. The frequency is so
high that it generates dozens of gigabytes of logs. It should, at least, wait a
couple of seconds.
In my site, the proxy authentication uses kerberos, but NTLM and basic are
still valid options. The issue is that the moment the failed sw runs, it might
not be a valid TGT. Normally you can stop the "DoS attack" signing out/in KDE.
It happens with different KDE apps and maybe it is a QT bug (I also saw that
behavior with OpenSUSE welcome app).
STEPS TO REPRODUCE
1. Configure a proxy that requires authentication
2. Configure KDE to use it (without offering the credentials)
3. Use some affected apps.
OBSERVED RESULT
4. a wave of failed authentications
EXPECTED RESULT
4. some failed authentications but with a much lower frequency
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: OpenSUSE Tumbleweed 20221120
KDE Plasma Version: 5.26.3
KDE Frameworks Version: 5.100.0
Qt Version: 5.15.7
ADDITIONAL INFORMATION
--
You are receiving this mail because:
You are watching all bug changes.
