Return-Path: 
 <dev-return-32552-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 92987 invoked by uid 500); 27 Aug 2002 17:42:17 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 92974 invoked from network); 27 Aug 2002 17:42:17 -0000
Date: Tue, 27 Aug 2002 19:42:20 +0200 (CEST)
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
X-X-Sender: dirkx@foem.leiden.webweaving.org
To: dev@httpd.apache.org
Subject: Re: authentication rewrite
In-Reply-To: <20020827165109.GB21273@apache.org>
Message-ID: <20020827193954.X35881-100000@foem.leiden.webweaving.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N


> Yeah, you hit the problem with stacking - authoritative.  I'm not
> sure how useful having multiple backends could be.  I'd almost
> suggest that something like a PAM backend would be much better and
> allows a fairly standard configuration.  (I know Dirk has a PAM

It is integrated into the PAM project at the sourceforge. I've worked with
the author(s) to give it an ASF style license - and they'd be more than
happy to share/donate the module to the ASF.

Issues with respect to Maintenace and Community would of course still be
there and I've not looked into that.

> module somewhere.)  That removes the stacking component entirely if
> we supported PAM.

Actually - because of PAM, especially remote PAM into radius or tacacs,
stacking at the very least a file based 'backup' auth provider in the tree
(preferably independend of PAM - which can have finicky failure mode) is
invaluable in operational environments in my experience.

Dw