I have compiled and successfully tested draft version of library with
kerberos authentication code extracted from lighttpd.
For the present I have no clear idea how to smoothly integrate kerberos
authentication into "http" function
If there is no "Authorization: Negotiate ..." header in the
http-request, then pil should answer with 401:
(de http401 ()
(httpStat 401 "Unauthorized" "WWW-Authenticate: Negotiate") )
If there is "Authorization: Negotiate..." header, pil calls helper
library with base64 encoded blob from "Authorization" header.
The helper library does kerberos authentication against domain
controller and in case of success it writes delegated credentials of the
user into temporary cache. That cache can be used for delegated
authentication on other domain resources. E.g. pil can call ldapsearch,
ldapwhoami etc. Also, login name of the authenticated user is known at
this time, and can be used by pil to check/create user in the database...