Return-Path: Delivered-To: apmail-new-httpd-archive@apache.org Received: (qmail 84877 invoked by uid 500); 19 Aug 2001 23:38:46 -0000 Mailing-List: contact new-httpd-help@apache.org; run by ezmlm Precedence: bulk Reply-To: new-httpd@apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list new-httpd@apache.org Received: (qmail 84866 invoked from network); 19 Aug 2001 23:38:45 -0000 Message-ID: <3B8050EC.6350BC6A@Golux.Com> Date: Sun, 19 Aug 2001 19:51:08 -0400 From: Rodent of Unusual Size Organization: The Apache Software Foundation X-Mailer: Mozilla 4.76 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: new-httpd@apache.org Subject: Re: mod_auth again References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N Status: O X-Status: X-Keywords: X-UID: 830 "Ian Kallen " wrote: > > Oooh boy, I think this stuff is a mess (or if it's neater than my > perception of it, I need to get it clarified for myself :) Yes, it is very messy. I have a massively cleaned-up version in my head, but.. > It is my opinion that if AuthUserFile is not specified mod_auth > should decline; I'm indicating that I don't want mod_auth to have > any say in the authentication for this resource. If it is also labelled as authoritative, you have a conflict. I would prefer to resolve that conflict away from a 500 error visible to the user, although that is certainly defensible -- it *is* a config error. It would be nice if these handlers were passed a flag about forced authoritativeness -- the last module called should be considered authoritative even if the config does not expressly say so. And if there is a config error, the module that knows what it is should be the one to log the message, rather than the core guessing about it. -- #ken P-)} Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/ Author, developer, opinionist http://Apache-Server.Com/ "All right everyone! Step away from the glowing hamburger!"