Created attachment 25050 [details]
for protocol.c

I'm coding a new authentication module and have some trouble with adding a proper 'WWW-Authenticate' header.

Apaceh2 separates aaa module to mod_auth_X and mod_authz_Y.
In current implementation, if mod_auth_X authenticates user 'foo' successfully and
mod_authz_Y does not authorize 'foo', mod_authz_Y calls function 'ap_note_auth_failure()'.
This function gets the authentication scheme by calling 'ap_auth_type(r)' and adds the associated 'WWW-Authenticate' header.

There are hard-coded invocations of 'ap_note_X_auth_failure' where X is 'basic' or 'digest', and there are almost same function in mod_auth_X as 'ap_note_X_auth_failure'.
This design also causes problem when making a new authentication module without editing 'server/protocol.c'.

I think the routine should reside only in mod_auth_X.
The following patch solves only the new scheme problem by setting a 'note-auth-failure' property in mod_auth_X.
'ap_note_X_auth_failure' in 'server/protocol.c' are not touched but can be removed by the same way.

The reason of the list structure has multiple headers.

(This issue was found during "HTTP Mutual Access Authentication Protocol" development. 
http://tools.ietf.org/html/draft-oiwa-http-mutualauth , 
https://www.rcis.aist.go.jp/special/MutualAuth/index-en.html ,
https://www.rcis.aist.go.jp/special/MutualAuth/software/mod_auth_mutual/index-en.html )