httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject Re: cvs commit: apache-1.3 STATUS
Date Tue, 09 May 2000 07:00:32 GMT
On Mon, 8 May 2000, Life is hard, and then you die wrote:
>...
> Ok, I can see that working, sort of. But then how do you handle AuthName?
> I.e. I want to set up both Basic and Digest for a directory:
> 
> <Directory /foo/>
> AuthType Basic
> AuthName basic-realm
> ...
> 
> AuthType +Digest
> AuthName digest-realm
> ...
> 
> </Directory>
> 
> I guess AuthName would have to be split up into AuthBasicName and
> AuthDigestName and not handled by the core.

Yes, there should be two different directives. Each type of authentication
must add a "challenge" (per RFC2617) to the available list, which
ultimately goes into WWW-Authenticate. Basic will only add a realm. Digest
has a realm, (multiple) domains, qop-options, etc. I see no problem using
different directives to set up these parameters.

(and maybe just with a "Digest" prefix rather than "AuthDigest")

> Also, the command handlers
> would have to know which of +, -, or no-prefix was specified so they
> could determine whether to add or remove the values, which in turn
> would require the core to know which directives belong together.

Urm. I think the +/- only goes in the selection of auth mechanisms. If you
have different directives, then (say) a digest directive would simply
override a parent dir/loc directive.

Ya know... maybe the right approach is simply to have something like:

<Location /foo>
  AuthBasic on
  AuthBasicRealm "blah"

  AuthDigest on
  AuthDigestRealm "baz"
  AuthDigestFoo ...
</Location>


In other words, deprecate AuthType and AuthName.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/


Mime
View raw message