Andrei Pelinescu-Onciul writes:
No, you need to send it by hand. At least with ser auth_db, I would: if (!www_authenticate(....)){ ... if ($digest_challenge != "") append_to_reply("%$digest_challenge"); sl_reply("401", "Unauthorized"); }
can't do, because i don't want to call www_authenticate() at all, if there is no Authorization header in the request. i just want to call www_challenge() in such case.
P.S.: changing www_challenge() would be trivial, but requires testing. Only auth_send_reply() would need to be changed to use slb.send_reply() and probably a module param. added to select between forced stateless replies (lower processing) or auto replies.
i consider this a bug that should be fixed. please post the diff and i'll test it.
-- juha