- From: Steinar Bang <sb@dod.no>
- Date: Fri, 04 Jun 2004 10:00:16 +0200
- To: www-lib@w3.org
- Message-ID: <87pt8fu50v.fsf@dod.no>
>>>>> Steinar Bang <sb@dod.no>:
>>>>> Steinar Bang <sb@dod.no>:
>> The apache mod_auth_kerberos module by default has two
>> WWW-Authenticate headers, one for "Negotiate", and one for "Basic".
>> I believe this is the default behaviour for IIS as well.
>> However the HTRequest structure only has room for a single
>> authentication scheme, so the last WWW-Authentication header
>> ("Basic" in this case) overwrites any previous values set.
>> This means that my functions set with a call to HTAA_newModule(), are
>> only called when I switch off password authentication.
> Attached is my attempt at a patch for multiple auth schemes (diff done
> against libwww CVS HEAD). The idea is to iterate through the list in
> the order the WWW-Authenticate headers occur in the HTTP response, and
> if the implementation for a scheme returns HT_ERROR, skip to the next
> one.
The previous patch didn't build with MSVC7.1. I had to declare local
variables in a single block at the start of the functions.
New patch attached.
Attachments
- text/x-patch attachment: Multiple authentication schemes in HTResponse
Received on Friday, 4 June 2004 04:00:23 UTC