httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: authn/authz split
Date Fri, 30 Aug 2002 14:54:45 GMT
At 01:48 AM 8/30/2002, Justin Erenkrantz wrote:
>Since no one had any feedback to the earlier posts about splitting
>the auth modules into authn/authz, I decided to just call it authn
>(old auth) and authz (what Dirk called access).
>
>http://www.apache.org/~jerenkrantz/new-aaa/aaa-authn-authz-split.tar.gz
>http://www.apache.org/~jerenkrantz/new-aaa/split/ (expanded)
>
>This is an extension over Dirk's aaa.tar.gz that he posted.  It
>does *not* add the provider API.
>
>Notes:
>- apr_lib.h isn't where apr_password_validate is, it's apr_md5.h.
>- renamed mod_access* to mod_authz*
>- mod_access.c->mod_authz_default.c
>- mod_auth.c->mod_auth_basic.c
>- removed all internal prefixes on the config_recs
>- style cleanup
>- AuthUserFile will be a bit wonky until mod_auth_basic is refactored with
>   provider support.
>
>My plan is to commit this tomorrow AM and then add in the provider
>support shortly thereafter.  Any new files will be created from
>scratch rather than try to keep revision history.  When we get
>done with this, the code won't look anything like what it was before.
>
>Any objections?

Only one veto here.  If it destabilizes the server, and we cannot react
to new security incidents, that's not acceptable.  Your next comment...

>I imagine auth may be a little wonky until this settles down, but
>once it settles down, we can ensure we're backwards-compat with the
>old aaa system.  No one other than Aaron and myself seem interested
>in calling this 2.1, so we stay at 2.0 with this and potentially not
>having directive back-compat if it doesn't shake out.  -- justin

...scares me.  Now that it's GA, we should really be treating the 2.0 tree
with the same respect and caution we use on the 1.3 tree.

It's time for a 2.1-dev tree, if we want to be playing with new ideas, guys.
If they test out clean and don't break compatibility [in any significant way]
then they can be backported to 2.0.

Bill



Mime
View raw message