httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org
Subject Re: authn/authz split
Date Fri, 30 Aug 2002 15:09:17 GMT
On Fri, 30 Aug 2002, William A. Rowe, Jr. wrote:

> At 01:48 AM 8/30/2002, Justin Erenkrantz wrote:
> >Since no one had any feedback to the earlier posts about splitting
> >the auth modules into authn/authz, I decided to just call it authn
> >(old auth) and authz (what Dirk called access).
> >
> >http://www.apache.org/~jerenkrantz/new-aaa/aaa-authn-authz-split.tar.gz
> >http://www.apache.org/~jerenkrantz/new-aaa/split/ (expanded)
> >
> >This is an extension over Dirk's aaa.tar.gz that he posted.  It
> >does *not* add the provider API.
> >
> >Notes:
> >- apr_lib.h isn't where apr_password_validate is, it's apr_md5.h.
> >- renamed mod_access* to mod_authz*
> >- mod_access.c->mod_authz_default.c
> >- mod_auth.c->mod_auth_basic.c
> >- removed all internal prefixes on the config_recs
> >- style cleanup
> >- AuthUserFile will be a bit wonky until mod_auth_basic is refactored with
> >   provider support.
> >
> >My plan is to commit this tomorrow AM and then add in the provider
> >support shortly thereafter.  Any new files will be created from
> >scratch rather than try to keep revision history.  When we get
> >done with this, the code won't look anything like what it was before.
> >
> >Any objections?
> 
> Only one veto here.  If it destabilizes the server, and we cannot react
> to new security incidents, that's not acceptable.  Your next comment...
> 
> >I imagine auth may be a little wonky until this settles down, but
> >once it settles down, we can ensure we're backwards-compat with the
> >old aaa system.  No one other than Aaron and myself seem interested
> >in calling this 2.1, so we stay at 2.0 with this and potentially not
> >having directive back-compat if it doesn't shake out.  -- justin
> 
> ...scares me.  Now that it's GA, we should really be treating the 2.0 tree
> with the same respect and caution we use on the 1.3 tree.
> 
> It's time for a 2.1-dev tree, if we want to be playing with new ideas, guys.
> If they test out clean and don't break compatibility [in any significant way]
> then they can be backported to 2.0.

The 1.3 tree didn't become "stable" for many releases after the initial
release.  We definately didn't treat it with the respect and caution that
we now use until well after the first alphas for 2.0 came out, which was
years after the first 1.3 release.

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------


Mime
View raw message