W3C home > Mailing lists > Public > www-lib@w3.org > April to June 2004

HTRequest only holds a single auth scheme (Was: Kerberos...)

From: Steinar Bang <sb@dod.no>
Date: Thu, 03 Jun 2004 10:52:15 +0200
To: www-lib@w3.org
Message-ID: <87smddqb0g.fsf@dod.no>

The apache mod_auth_kerberos module by default has two
WWW-Authenticate headers, one for "Negotiate", and one for "Basic".  I
believe this is the default behaviour for IIS as well.

However the HTRequest structure only has room for a single
authentication scheme, so the last WWW-Authentication header ("Basic"
in this case) overwrites any previous values set.

This means that my functions set with a call to HTAA_newModule(), are
only called when I switch off password authentication.
Received on Thursday, 3 June 2004 04:52:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:44 GMT