httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject RE: Authentication and Authorization
Date Fri, 07 Sep 2001 13:56:27 GMT

> -----Original Message-----
> From: Sander Striker []

> I've been going through the modules/aaa directory
> and found that modules there seem to implement both
> authentication and authorization.
> IMO this should be split.  Auth and authz are
> completely different things and it would be nice
> to have different modules to do authentication
> in a different way, but still utilize the same
> authorization method.

I believe this has been on the "future" list for apache for a very long
time.  I'd like to see it happen.  It is nuts that the dozens of mod_auth_*
modules need to redo all that logic.

> To accomplish this, an extra field would be needed
> in request_req (and that's probably not going
> to happen): request_req->groups, which holds
> a string with all the groups the authenticated
> user belongs to.

Just as a point of information, a relatively frequent request that I hear
from users is to provide group information in an env variable (REMOTE_GROUPS
analagous to REMOTE_USER).  This would certainly facilitate that.


View raw message