httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject RE: Authentication and Authorization
Date Fri, 07 Sep 2001 13:56:27 GMT


> -----Original Message-----
> From: Sander Striker [mailto:striker@apache.org]

> I've been going through the modules/aaa directory
> and found that modules there seem to implement both
> authentication and authorization.
>
> IMO this should be split.  Auth and authz are
> completely different things and it would be nice
> to have different modules to do authentication
> in a different way, but still utilize the same
> authorization method.

I believe this has been on the "future" list for apache for a very long
time.  I'd like to see it happen.  It is nuts that the dozens of mod_auth_*
modules need to redo all that logic.

>
> To accomplish this, an extra field would be needed
> in request_req (and that's probably not going
> to happen): request_req->groups, which holds
> a string with all the groups the authenticated
> user belongs to.
>

Just as a point of information, a relatively frequent request that I hear
from users is to provide group information in an env variable (REMOTE_GROUPS
analagous to REMOTE_USER).  This would certainly facilitate that.

Joshua.


Mime
View raw message