Anonymous ACLs gone bad

Has anyone come across “Anonymous ACLs gone bad”. I set some service ACLs to “Anonymous”. (I need anyone to access these services without authenticating to IS). This worked well for a few days, but IS suddenly began disallowing anonymous access - a “Basic authentication” dialog asking for username/password began popping up .

I tried setting/resetting the ACLs, and restarting the server to get it to reload the Anonymous ACLs - to no avail.

This problem is limited to one machine: One funny thing I’ve noticed on that machine is I don’t get the “Access Denied” message anymore when I hit “cancel” on the “Basic Authentication” dialog. Instead I get a HTTP 401 response and a blank page.

In constrast, on the machines without this problem, my browser get the following HTML when I hit “cancel”:

Access Denied

Hey guys – Quick heads-up – Beware of IS_4-6_SP2_Fix113 (at least w.r.t. Anonymous ACLs)!

While trying to fix another problem, I uninstalled Fix 113 and restarted IS. Well, this didn’t fix that other problem, but it did fix this one – Anonymous ACLs have started working again (no Basic Auth dialog pops up now). Now I’m also getting the proper “Access Denied” message if I click “cancel” on a Basic Auth dialog (while accessing services that aren’t assigned Anonymous ACLs).

When, oh when, will WM properly regression-test fixes?

I don’t know if this is a related problem or not. I am implementing some security for Web Services on IS 6.0. Our authenticated ticket is in an http Authenticator header with the content “CUKerberos base64-encoded-ticket”. All components of the web service have anonymous access in IS. About half of the attempts to access this service get an http 401 “Invalid Credentials” return, the rest of the time they work fine…