The apache mod_auth_kerberos module by default has two WWW-Authenticate headers, one for "Negotiate", and one for "Basic". I believe this is the default behaviour for IIS as well. However the HTRequest structure only has room for a single authentication scheme, so the last WWW-Authentication header ("Basic" in this case) overwrites any previous values set. This means that my functions set with a call to HTAA_newModule(), are only called when I switch off password authentication.Received on Thursday, 3 June 2004 04:52:21 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:44 GMT