registry.fedoraproject.org appears to show successful logins on any user/pass combos. This is even more likely to confuse the user if they have multiple registries set up and registry.fedoraproject.org ends up being the first.
See: https://github.com/containers/podman/issues/17296#issuecomment-1410296422
The registry should return a failure on such attempts.
No rush :)
Metadata Update from @phsmoura: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble, ops
So, what's happening here is that podman is hitting https://registry.fedoraproject.org/v2/ and getting a 200 from it, so it just assumes auth worked since it did not get a 401.
See https://github.com/containers/podman/discussions/12988 for some discussion on this.
I'm reluctant to change our server setup, how big a deal is this? (This is the first issue I have heard about it).
So, I don't think we are doing anything wrong here. I think if this is not desired, there should be some better checking on login other than just a 200 means logged in...
Feel free to reopen if you still need anything from us (and let us know what it is). ;)
Metadata Update from @kevin: - Issue close_status updated to: Will Not/Can Not fix - Issue status updated to: Closed (was: Open)
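The "200 on /v2/ means logged in" behaviour discussed in this ticket, and a stricter client-side check, as an added example that is not podman's or the registry's own code. It assumes HTTP Basic auth against constructed local stand-in servers (real registries commonly use a bearer-token flow); `ProbeLogin`, `status` and `Registry` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// status returns the HTTP status of GET <base>/v2/, sending Basic auth only if user is set.
func status(base, user, pass string) int {
	req, _ := http.NewRequest(http.MethodGet, base+"/v2/", nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0 // transport failure: no status to report
	}
	resp.Body.Close()
	return resp.StatusCode
}

// ProbeLogin trusts a 200 with credentials only if the anonymous request was refused first.
func ProbeLogin(base, user, pass string) string {
	if status(base, "", "") != http.StatusUnauthorized {
		return "unverified" // never challenged, so a 200 says nothing about the password
	}
	if status(base, user, pass) == http.StatusOK {
		return "verified"
	}
	return "rejected"
}

// Registry is a constructed stand-in: open answers 200 to all, otherwise only alice/s3cret passes.
func Registry(open bool) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		if !open && (!ok || u != "alice" || p != "s3cret") {
			w.Header().Set("WWW-Authenticate", `Basic realm="constructed"`)
			w.WriteHeader(http.StatusUnauthorized)
			return
		} // falling through sends the implicit 200
	}))
}

func main() {
	open, auth := Registry(true), Registry(false)
	fmt.Println("open registry:", ProbeLogin(open.URL, "anyone", "anything"))
	fmt.Println("auth registry:", ProbeLogin(auth.URL, "alice", "s3cret"), ProbeLogin(auth.URL, "alice", "wrong"))
}
```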