- From: Steinar Bang <sb@dod.no>
- Date: Thu, 03 Jun 2004 10:52:15 +0200
- To: www-lib@w3.org
The apache mod_auth_kerberos module by default has two WWW-Authenticate headers, one for "Negotiate", and one for "Basic". I believe this is the default behaviour for IIS as well. However the HTRequest structure only has room for a single authentication scheme, so the last WWW-Authentication header ("Basic" in this case) overwrites any previous values set. This means that my functions set with a call to HTAA_newModule(), are only called when I switch off password authentication.
Received on Thursday, 3 June 2004 04:52:21 UTC