- From: Steinar Bang <sb@dod.no>
- Date: Fri, 04 Jun 2004 07:57:38 +0200
- To: www-lib@w3.org
- Message-ID: <87u0xruap9.fsf@dod.no>
>>>>> Steinar Bang <sb@dod.no>:
> The apache mod_auth_kerberos module by default has two
> WWW-Authenticate headers, one for "Negotiate", and one for "Basic".
> I believe this is the default behaviour for IIS as well.
> However the HTRequest structure only has room for a single
> authentication scheme, so the last WWW-Authentication header
> ("Basic" in this case) overwrites any previous values set.
> This means that my functions set with a call to HTAA_newModule(), are
> only called when I switch off password authentication.
Attached is my attempt at a patch for multiple auth schemes (diff done
against libwww CVS HEAD). The idea is to iterate through the list in
the order the WWW-Authenticate headers occur in the HTTP response, and
if the implementation for a scheme returns HT_ERROR, skip to the next
one.
Caveat! This has not been extensively tested.
Attachments
- text/x-patch attachment: Multiple authentication schemes in HTResponse
Received on Friday, 4 June 2004 01:57:43 UTC