I have done the following
Steps to reproduce
Start a local Basic-auth registry and log in with the wrong password:
$ htpasswd -Bbn issue-user issue-password > "/Users/ras/Downloads/test_container/audit_artifacts/container-issue-repros-20260511-101939/tmp/auth-registry/htpasswd"
$ container run --name issue-auth-registry --detach --publish 127.0.0.1:5056:5000 --mount type=bind,source=/Users/ras/Downloads/test_container/audit_artifacts/container-issue-repros-20260511-101939/tmp/auth-registry,target=/auth,readonly -e REGISTRY_AUTH=htpasswd -e REGISTRY_AUTH_HTPASSWD_REALM=IssueRegistry -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd registry:2
[0/6] [0s]
[1/6] Fetching image [0s]
[1/6] Fetching image [1s]
[1/6] Fetching image 11% (3 of 8 blobs, 1.1/9.0 MB, 7 KB/s) [2s]
[2/6] Unpacking image [2s]
[2/6] Unpacking image for platform linux/arm64/v8 [2s]
[3/6] Fetching kernel [3s]
[4/6] Fetching init image [3s]
[5/6] Unpacking init image [3s]
[6/6] Starting container [3s]
[6/6] Starting container [4s]
issue-auth-registry
$ curl -sS -i http://127.0.0.1:5056/v2/
HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
Www-Authenticate: Basic realm="IssueRegistry"
X-Content-Type-Options: nosniff
Date: Mon, 11 May 2026 17:22:00 GMT
Content-Length: 87
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
$ curl -sS -i -u issue-user:issue-password http://127.0.0.1:5056/v2/
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Mon, 11 May 2026 17:22:00 GMT
{}
$ printf 'wrong-password\n' | container registry login --scheme http --username issue-user --password-stdin 127.0.0.1:5056
Error: HTTP request to http://127.0.0.1:5056/v2/ failed with response: 401 Unauthorized. Reason: invalidArgument: "missing Bearer challenge in WWW-Authenticate header"
$ echo $?
1Problem description
For a Basic-auth registry, wrong-password and missing-credential failures should report an authentication problem. The current error exposes an internal Bearer challenge diagnostic and makes a valid Basic-auth registry look protocol-incompatible.
Environment
- OS: macOS 26.4.1 (25E253)
- Xcode: Xcode 26.4.1 (17E202)
- Container: container CLI 0.12.3 (build: release, commit: f989901)
Code of Conduct
I have done the following
Steps to reproduce
Start a local Basic-auth registry and log in with the wrong password:
Problem description
For a Basic-auth registry, wrong-password and missing-credential failures should report an authentication problem. The current error exposes an internal Bearer challenge diagnostic and makes a valid Basic-auth registry look protocol-incompatible.
Environment
Code of Conduct