1.4.1. www_challenge(realm, qop)
The function challenges a user
agent. It will generate a WWW-Authorize header field containing a digest
challenge, it will put the header field into a response generated from the
request the server is processing and send the reply. Upon reception of such a
reply the user agent should compute credentials and retry the request. For more
information regarding digest authentication see RFC2617.
Meaning of the parameters is as
follows:
·
realm - Realm is a opaque string that the user agent
should present to the user so he can decide what username and password to use.
Usually this is domain of the host the server is running on.
If an empty string "" is
used then the server will generate it from the request. In case of REGISTER
requests To header field domain will be used (because
this header field represents a user being registered), for all other messages
From header field domain will be used.
The string may contain pseudo
variables.
·
qop - Value of this parameter can be
either "1" or "0". When set to 1 then the server will put qop parameter in the challenge. When set to 0 then the
server will not put qop parameter in the challenge.
It is strongly recommended to use qop parameter, however there are still some user agents that
cannot handle qop parameter properly so we made this
optional. On the other hand there are still some user agents that cannot handle
request without qop parameter too.
This function can be used from
REQUEST_ROUTE.
Example 1-7. www_challenge usage
...
if (www_authorize("siphub.net",
"subscriber")) {
www_challenge("siphub.net",
"1");
};
...
http://www.openser.org/docs/modules/1.2.x/auth.html#AEN127