diff options
author | Stef Walter <stef@memberwebs.com> | 2004-04-21 17:37:06 +0000 |
---|---|---|
committer | Stef Walter <stef@memberwebs.com> | 2004-04-21 17:37:06 +0000 |
commit | ff76efc3e5e1b0e4ca3b10b7402406f619509bba (patch) | |
tree | c3b1e49235f67eabd22d31ebfc14934743b70858 /doc/protocol.txt | |
parent | 01430fca169c1b8d7b1b4f1bdd529aa6bc4be80b (diff) |
Initial Import
Diffstat (limited to 'doc/protocol.txt')
-rw-r--r-- | doc/protocol.txt | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/doc/protocol.txt b/doc/protocol.txt new file mode 100644 index 0000000..05e32f2 --- /dev/null +++ b/doc/protocol.txt @@ -0,0 +1,46 @@ + + HTTP/AUTH PROTOCOL + +The protocol used between the stateful authenticator and the web servers +that wish to authenticate is described below. It's a simple text protocol, +similar to HTTP. The web servers send commands and headers to the daemon, +which replies with HTTP codes and headers. + +Multiple authentication requests can be processed on the same connection, +although the connection is not stateful. A authentication request initially +processed through one connection to the daemon can later be completed +through another. The commands are described below. + +AUTH method uri + + The AUTH command asks the daemon to perform authentication + for a given set of headers. + + method: is the authentication type. It might be 'NTLM'. + uri: the URI being authenticated. + + The AUTH command is followed by HTTP headers, one per line + until a blank line is found. These should contain the + authentication headers for the authentication protocol being + used. Extraneous headers are ignored. + + If multiple HTTP headers with the same name are received, then + the last one is used. Note that this is somewhat different than + the HTTP protocol. + +QUIT + + This closes the connection to the daemon. + + +The response from the daemon consists of an HTTP code, followed by headers +one per line. Note that only the headers to be added for authentication are +returned. For example: + + 401 + Header: value + Header2: value + +Success returns a 200, just like normal HTTP. Note that success can contain +headers that must also be sent to the client. + |