httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: Authentication and Authorization
Date Fri, 07 Sep 2001 13:49:53 GMT
Sander Striker wrote:

> IMO this should be split.  Auth and authz are
> completely different things and it would be nice
> to have different modules to do authentication
> in a different way, but still utilize the same
> authorization method.

I'm not sure if splitting them will accomplish this though. From the
LDAP auth stuff, the authentication phase and the authorisation phase
are separate, but share common configuration parameters (LDAP bind info,
for example), so splitting them wouldn't make much sense.

Also - there isn't a clear line over what constitutes an authentication
token - again, the LDAP authenticator converts a provided username into
a DN, which the authorisation phase uses to apply to the require
directives. If you have to mix up the different modules, you would need
to make sure they are all talking the same language (so to speak).

-----------------------------------------		"There's a moon
					over Bourbon Street
View raw message