- From: Steinar Bang <sb@dod.no>
- Date: Thu, 03 Jun 2004 10:52:15 +0200
- To: www-lib@w3.org
The apache mod_auth_kerberos module by default has two
WWW-Authenticate headers, one for "Negotiate", and one for "Basic". I
believe this is the default behaviour for IIS as well.
However the HTRequest structure only has room for a single
authentication scheme, so the last WWW-Authentication header ("Basic"
in this case) overwrites any previous values set.
This means that my functions set with a call to HTAA_newModule(), are
only called when I switch off password authentication.
Received on Thursday, 3 June 2004 04:52:21 UTC