httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <>
Subject Re: [VOTE] Location of aaa rewrite
Date Wed, 04 Sep 2002 01:19:58 GMT
On Tue, Sep 03, 2002 at 04:36:58PM -0700, Joshua Slive wrote:
> Just as a crazy idea: Since you are retaining all the old APIs, shouldn't
> it be possible to distribute the current modules as mod_auth_compat and
> mod_auth_dbm_compat that users could activate to get all the old
> directives?

Eek.  Then, it would mean for some components, they would be able
to do things two different ways.  IMHO, that would only lead to code
rot and user confusion.

To make it clear, there are two phases to the grand scheme (in my

1) Split the components into auth, authn, or authz.

   The front-ends (basic, digest) would be under:     mod_auth_*
   Authentication (i.e. you are who you say you are): mod_authn_*
   Authorization (i.e. you can go where you want to): mod_authz_*

2) Switch to a provider scheme.

   This allows the code within mod_authn_* and mod_authz_* to be
   factored out to not be cut-and-pasted duplicates of each other.
   Each one has slightly different variations on the same code.
   It's a PITA.  And, we can't really do #2 until #1 is done.

For phase #1, we shift/rename files - no real gain in functionality
here.  For phase #2, we shift the APIs around.  Phase #2 is where we
get our real benefits (i.e. mod_auth_digest being able to be
something other than file-backed).

I think we can do the first part right now (gets our house in order)
and then work out how to do #2.  I already have a proof of concept
for #2 ready, but Sterling and some others have ideas on features we
can add for #2 to make it even better.  -- justin

View raw message