zot/pkg/api/config at bfc59ad1206d4cbfcce83c0171a8d208c3973546 - zot

github/zot

mirror of https://github.com/project-zot/zot.git synced 2026-06-17 21:09:23 +08:00

Files

T

Andrei Aaron 7ceb01dcff fix(auth): add workaround for Docker client auth with mixed anonymous policies (#3868 )

* fix(auth): add workaround for Docker client auth with mixed anonymous policies

Docker client fails to authenticate to protected repositories when basic auth
(htpasswd/LDAP) is used with mixed access policies (some repos anonymous,
some requiring auth). This happens because Docker determines whether to send
credentials based on the /v2/ response - if it returns 200, Docker assumes
no auth is needed anywhere.

Add `forceDockerClientAuth` config option that, when enabled, forces 401 on
/v2/ for Docker clients, triggering Docker's authentication flow.

This workaround only affects Docker clients (detected via User-Agent).
Podman and other OCI-compliant clients are unaffected.

Refs: https://github.com/opencontainers/wg-auth/blob/main/docs/implementations/moby.md

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

* feat: remove ForceDockerClientAuth flag and use only authz policies to determine the docker specific behavior

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

---------

Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>

2026-04-17 09:10:02 +03:00

redis

refactor(test): new apis for creating temporary files (#3605 )

2025-12-05 09:54:38 +02:00

config_elevated_test.go

GCS storage support (#3798 )

2026-02-18 23:41:21 -08:00

config_test.go

Introduce support for OIDC workload identity federation (#3711 )

2026-01-24 21:03:53 -08:00

config.go

fix(auth): add workaround for Docker client auth with mixed anonymous policies (#3868 )

2026-04-17 09:10:02 +03:00