httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dirk.vanGulik" <Dirk.vanGu...@jrc.it>
Subject Re: MD5
Date Mon, 08 Jan 1996 10:24:10 GMT

> > On Sat, 6 Jan 1996, Brian Behlendorf wrote:
> > 
> > > Well, you mean one would have to write a separate module for each 
> > > (authenticationtype,passworddatabase) pair.  This actually isn't true - 
> > > mod_auth and mod_dbm_auth *could* be combined, since they use different 
> > > configuration options.  At least, I've never had a problem compiling with 
> > > both turned on.  So, you could do a mod_auth_md5 and have config options 
> > > for using either DBM files, flat files, or even mSQL in the same module.
> > > 
> > > Or am I missing something?
> > 
> > No, you're not missing anything. My point was that the auth modules are
> > authentication-type-dependent. It'd be nice if one could write a module
> > that did authentication without having to worry about authentication type
> > - that should all be built into Apache, and the modules should have some
> > generic functions to call that will work with any authentication scheme, 
> > so we don't need different versions of the modules for each type. This is 
> > especially important if we want to support some kind of security 
> > negotiation in the future.
> 
> Apache-SSL actually fakes Basic authentication, but uses the "one-line" X509
> as the user name. This was done to avoid having to rewrite the authentication
> code. So, I'd agree, an authentication support module would be very nice.
> 

We are doing leveled authentification here, using the file for a few
fixed privelidged, the dbm as in intermidate cache and the mSQL for the
real stuff. I'll see if I an come up with something usefull there.

Question: Is a many layered auth something good ? 

Dw.

Mime
View raw message