httpd-dev mailing list archives

From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: Auth - how much legacy to preserve ?
Date Mon, 22 Jul 2002 12:52:24 GMT
dirkx@covalent.net wrote:
> 
> While doing this patch (and ending up with 3 very small modules); I found
> the following legacy behaviour. Any feels as to if we shall kill these
> surprising behaviourisms in 2.0 or stay as close to 1.3 as possible ?:
> 
> ->      if there are no requires - but there is Auth happening
>         we actively OK.
> 
> ->      If there are no requires for the method (but there are
>         requires for that directory for other methods)
>         we actively OK.
> 
> ->      If we have for example a (Group,..)File but opening it fails
>         then we ignore any 'require group' and DECLINE to other modules.

I don't find those surprising at all; they're what I would expect.

> Proposal to fixing these leaks (comment now or wait for code) and allowing
> small footprint modules to take part of the process over:
> 
> ->      mod_auth_file
>                 auth UserID/passwd against file
>                         DECLINE if no file configured

If no file configured, but Require present, UNAUTH (or 500) if authoritative;
otherwise DECLINE.

>                         ERROR   if file read error (was DECLINE/UNAUTH)

No, UNAUTH if authoritative, DECLINE otherwise.  The client should NOT be
told there is a config error.  Log the problem.

> ->      mod_auth_groupfile
>                 checks UserID against required 'require (valid-)group'
>                         DECLINE if no requirements at all (was OK)
>                         DECLINE if no group file configured

No, similar to above.

>                         ERROR   if file read error (was IGNORE)

UNAUTH.  DON'T tell the user there's anything except a Boolean auth failure.

Et cetera.
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"Millennium hand and shrimp!"
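
An added example (not from this thread and not httpd's own code) of the failure handling argued for in the reply above: a missing or unreadable group file is logged on the server, and the client gets only a plain 401 when the module is authoritative or a DECLINE when it is not. The names `check_group`, `fail`, `write_sample` and `logged` are hypothetical; the status values and the `name: user1 user2` group file format follow httpd.

```c
#include <stdio.h>
#include <string.h>

/* Status values as defined in Apache httpd's httpd.h. */
#define OK 0
#define DECLINED (-1)
#define HTTP_UNAUTHORIZED 401
static int logged; /* server-side log entries written so far */

/* Policy from the reply: detail goes to the log only; the client sees a
 * plain auth failure if we are authoritative, otherwise we decline. */
static int fail(int authoritative, const char *why, const char *file)
{
    fprintf(stderr, "[auth] %s: %s\n", why, file ? file : "(unset)");
    logged++;
    return authoritative ? HTTP_UNAUTHORIZED : DECLINED;
}

/* Hypothetical "require group" check; assumes a Require line applies.
 * Group file lines look like "name: user1 user2". */
int check_group(const char *file, int authoritative,
                const char *group, const char *user)
{
    char line[512], *tok;
    size_t glen = strlen(group);
    FILE *f = file ? fopen(file, "r") : NULL;
    if (f == NULL)
        return fail(authoritative, file ? "cannot open group file"
                                        : "no group file configured", file);
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, group, glen) != 0 || line[glen] != ':')
            continue;
        for (tok = strtok(line + glen + 1, " \t\r\n"); tok;
             tok = strtok(NULL, " \t\r\n"))
            if (strcmp(tok, user) == 0) { fclose(f); return OK; }
    }
    fclose(f);
    /* Assumption: a non-member gets the same answer as a failure. */
    return authoritative ? HTTP_UNAUTHORIZED : DECLINED;
}
int write_sample(const char *p) /* constructed sample group file */
{
    FILE *f = fopen(p, "w");
    return f && fputs("admins: alice bob\n", f) >= 0 && fclose(f) == 0;
}

int main(void)
{
    int ok = write_sample("groups.sample");
    printf("%d %d %d\n", ok, check_group("groups.sample", 1, "admins", "bob"),
           check_group("missing.sample", 1, "admins", "bob"));
    return 0;
}
```

With an authoritative module the response for a non-member and for an unreadable file is the same 401, so the client cannot distinguish a configuration fault from a denied user; only the log records the difference.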
