HTTP/1.0 401 Unauthorized WWW-Authenticate: Basic realm="blaa.blaa" WWW-Authenticate: Pubkey realm="blaa.blaa", key="LQEWRsdfFDjf23SsDf2i1hjT=" ...Server replies that the document is protected, and it is willing to accept authentication done according to
Basic scheme is used to inform the
browser about servers that use the same password file (these servers
use the same realm name; this should be the main password server's
full machine name).
Kerberos or such is accepted, there is a header line
containing something like this:
WWW-Authenticate: KerberosV4 realm="bsdi.com", principle="foo"This can be specified in further detail by the person putting Kerberos in.
HTTP/1.0 200 Document follows DEK-Info: DES-CBC,BFF968AA74691AC1 Key-Info: DES_ECB,DJSFo7dSDFf34hKHFD8234jDFf2bfasdf832DF3nZ MIC-Info: MD5, LDKJF3kr34hfDuf23r98FBk38ftDFP9873hbrFDp9gb23kfDPF2b3JfKeL7G DLkwtDICl234FJi9834kjfslk ... other headers and the encrypted document follow ...
MIC-Info:fields are almost as in RFC1421.
Kerberos or such is used, there is also a header line
authenticating the server:
WWW-Authentication: KerberosV4 <kerberos-stuff>This is otherwise like
Authorization:, but it goes to the other direction, and there is no sence in naming it
Authorization:because server authorization-checks on client-side make no sence. This is to be specified in more detail by other instances.
Unauthorizedstatus code or otherwise figures authorization is needed, it sends authorization information along with the next request to the server.
GET whatever HTRQ/V1.0 Authorization: Basic KDENfKdifwekFD23nf== ...The string after
Basicis username:password encoded into printable characters per RFC1421.
GET whatever HTRQ/V1.0 Authorization: Pubkey GeHKWeaDrtErtyNhXfdGhKdgHDfghIfWekFD23nGDfg4gfX= ...The string after
Pubkeyis username:password:browser_inet_address:timestamp:browser_key encrypted by server's public key and encoded into printable characters.
GET whatever HTRQ/V1.0 Authorization: KerberosV4 <kerberos-ticket> ...This is to be specified in more detail by other instances.
AL 12 December 1993