W3C home > Mailing lists > Public > www-lib@w3.org > April to June 2004

Re: HTRequest only holds a single auth scheme

From: Steinar Bang <sb@dod.no>
Date: Fri, 04 Jun 2004 10:00:16 +0200
To: www-lib@w3.org
Message-ID: <87pt8fu50v.fsf@dod.no>
>>>>> Steinar Bang <sb@dod.no>:

>>>>> Steinar Bang <sb@dod.no>:
>> The apache mod_auth_kerberos module by default has two
>> WWW-Authenticate headers, one for "Negotiate", and one for "Basic".
>> I believe this is the default behaviour for IIS as well.

>> However the HTRequest structure only has room for a single
>> authentication scheme, so the last WWW-Authentication header
>> ("Basic" in this case) overwrites any previous values set.

>> This means that my functions set with a call to HTAA_newModule(), are
>> only called when I switch off password authentication.

> Attached is my attempt at a patch for multiple auth schemes (diff done
> against libwww CVS HEAD).  The idea is to iterate through the list in
> the order the WWW-Authenticate headers occur in the HTTP response, and
> if the implementation for a scheme returns HT_ERROR, skip to the next
> one. 

The previous patch didn't build with MSVC7.1.  I had to declare local
variables in a single block at the start of the functions.

New patch attached.



Received on Friday, 4 June 2004 04:00:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 23 April 2007 18:18:44 GMT