Actually, this just got reverted from 1.2.x - I think you'll find this actually breaks 'HTTP AUTH', and that there is confusion behind additional auth types that need to come as part of auth plugins and 'HTTP AUTH'

auth_prepare_password + auth_prepare_username set the username/password that "http auth" deals with - therefore auth_password_match needs to check the password matches, else it's a security risk.


On Wed, May 15, 2013 at 10:58 AM, GitHub <> wrote:
  Branch: refs/heads/master-1.2.x
  Commit: 4775bff79d4976707e156e18280fa9b83879450d
  Author: Damien Regad <>
  Date:   2013-05-15 (Wed, 15 May 2013)

  Changed paths:
    M core/authentication_api.php

  Log Message:
  Do not display login dialog when using HTTP_AUTH

Fixes #11084

AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
mantisbt-cvs mailing list