Avoid sin-binning my account after a password change

Open marcelocantos opened this issue 5 years ago • 2 comments

If my AD account password changes, alpaca will keep retrying after a password failure. In such cases, alpaca should prompt for a new password. Same goes for mistyped passwords.

marcelocantos avatar May 19 '19 01:05 marcelocantos

I'd like to avoid having any interactive prompts in alpaca, so that it can be run as a daemon or in some other non-interactive scenario.

Another way to avoid getting a user's account blocked could be to maintain a list of unresponsive proxies, where the definition of "unresponsive" includes returning a bad credentials error. Mozilla's PAC documentation says that this is what the browser does:

The browser will automatically retry a previously unresponsive proxy after 30 minutes. Additional attempts will continue beginning at one hour, always adding 30 minutes to the elapsed time between attempts.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_(PAC)_file#Description

Hopefully this is enough to avoid getting blocked, but it's possible that some enterprises have strict enough rules that they will still block users who retry bad passwords after 30 minutes.

samuong avatar May 31 '19 23:05 samuong

There should not be any immediate retries. If that's how the browser implements a backoff system, then that sounds great; however, it should also check if the password has changed and re-enable immediately.

rtfmoz2 avatar Apr 03 '22 08:04 rtfmoz2
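
The back-off discussed in the two comments above, sketched in Go as an added example (it is not alpaca's code and was not posted by anyone in this thread): a proxy that rejects the credentials is retried after 30, then 60, then 90 minutes, and is re-enabled at once when the credentials change. `AuthBackoff`, `credID` and the proxy address are hypothetical; `credID` is assumed to be an opaque fingerprint the caller derives from the current credentials.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

const step = 30 * time.Minute // increment from the PAC text quoted in the thread

type failure struct {
	count  int       // consecutive bad-credential (407) responses
	last   time.Time // time of the most recent rejection
	credID string    // fingerprint of the credentials that were rejected
}

// AuthBackoff (hypothetical name, not alpaca's API) tracks rejecting proxies.
type AuthBackoff struct {
	mu     sync.Mutex
	failed map[string]failure
}

func NewAuthBackoff() *AuthBackoff { return &AuthBackoff{failed: map[string]failure{}} }
// RecordFailure notes that proxy rejected the credentials identified by credID.
func (b *AuthBackoff) RecordFailure(proxy, credID string, now time.Time) {
	b.mu.Lock()
	defer b.mu.Unlock()
	f := b.failed[proxy]
	if f.credID != credID {
		f = failure{credID: credID} // different password: start counting again
	}
	f.count, f.last = f.count+1, now
	b.failed[proxy] = f
}

// MayTry reports whether credID may be sent to proxy at time now.
func (b *AuthBackoff) MayTry(proxy, credID string, now time.Time) bool {
	b.mu.Lock()
	defer b.mu.Unlock()
	f, ok := b.failed[proxy]
	// Allowed if never rejected, if the password changed, or once the wait (30m, 60m, 90m, ...) is over.
	return !ok || f.credID != credID || !now.Before(f.last.Add(time.Duration(f.count)*step))
}

func main() { // constructed sample: one rejection, checked a minute later
	b, p, t := NewAuthBackoff(), "proxy.example:8080", time.Unix(0, 0)
	b.RecordFailure(p, "old-fp", t)
	fmt.Println(b.MayTry(p, "old-fp", t.Add(time.Minute)), b.MayTry(p, "new-fp", t.Add(time.Minute)))
}
```

Because the wait is keyed on the credential fingerprint, a stale password is sent at most once per window, which keeps the failed-logon count low on the directory side.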