Hi,
On Fri, Oct 04, 2002 at 09:28:32AM +1200, John Barstow wrote:
> I added the auth_SSPI module to my Win32 Apache server and promptly began
> getting authorization failures from the subversion clients.
> A little poking indicated that digest and basic authentication are handled
> by the neon library, but not NTLM or Kerberos authentication. Now, I can
> handle coding that support up, but I'm not sure where to set my handlers to
> trap the 401 being returned by the server, where to add my negotiation
> headers, or how to inspect the server's headers. I've been trying to work
> out the control flow and it seems a bit confusing - probably because I've
> been doing C++ instead of C for so long.
> If someone can point me the right area, I can start hacking in the new
> support.
To add support for new auth protocols you can either modify ne_auth.c,
or add a separate module. Adding a new module is probably preferable
since it'll be a fair amount of code, I expect.
The ne_auth.c code is slightly obfuscated since to handle both proxy and
server auth abstractly, I believe that the SPNEGO stuff doesn't do proxy
auth, so it can be simpler. You need at minimum a create_request hook
which registers callbacks to fetch the WWW-Authenticate header, a
pre_send hook which adds an Authorization header when necessary, and a
post_send hook which checks for a 401 status-code and returns NE_RETRY
if the request should be retried.
Please send any neon questions you have to the mailing list at
neon@webdav.org.
Regards,
joe
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Oct 4 00:32:55 2002