X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=README_name_attr;fp=README_name_attr;h=0955214b23b3d8c7f106a2906726d05bebecc6ac;hb=76faf24834c2b060c1c813eec489c1b2d978a4ba;hp=1dcdec0f9977d6204b026621842dd0f55e1dc586;hpb=51a483b1adabe74a3d469bd157feb7168d5350f1;p=mod_auth_kerb.cvs%2F.git

diff --git a/README_name_attr b/README_name_attr
index 1dcdec0..0955214 100644
--- a/README_name_attr
+++ b/README_name_attr
@@ -1,3 +1,5 @@
+The module provides the following option to deal with GSS API name attributes:
+
 #### GssapiNameAttributes
 
 Enables the module to source Name Attributes from the client name
@@ -18,3 +20,18 @@ and with the string "0 attributes found", if no attributes are set.
     GssapiNameAttributes RADIUS_USER_NAME urn:ietf:params:gss:radius-attribute 1
     GssapiNameAttributes EPPN urn:ietf:params:gss:federated-saml-attribute urn:oasis:names:tc:SAML:2.0:attrname-format:uri urn:oid:1.3.6.1.4.1.5923.1.1.1.6
 
+#### Feedback on authentication failure reason
+
+In addition to this, in the event of an authentication failure,
+ the module exports an environment variable called MAG_ERROR wich contains one 
+of the following values:
+* "NO_AUTH_DATA" when the client did not send any authentication data (usually because the
+ appropriate libraries are not installed on the browser).
+* "UNSUP_AUTH_TYPE" when the client sent authentication data of an invalid type.
+* "GSS_MECH_ERROR" when the GSS mechanism failed for some reason (e.g. invalid credentials). 
+
+In addition to this, whenever MAG_ERROR takes a value of "GSS_MECH_ERROR", an additional environment
+variable named GSS_ERROR_STR is sourced. This variable contains the result of
+the gss_display_status() call and may help web developers to show a more appropriate error page/string
+to the user.
+