httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian Holsman" <li...@holsman.net>
Subject Re: auth stuff still broken
Date Tue, 17 Sep 2002 17:04:41 GMT
On Tue, 17 Sep 2002 10:00:44 -0700, rbb wrote:

> On Tue, 17 Sep 2002, William A. Rowe, Jr. wrote:
> 
>> I was thinking about this.  What about -eliminating- the
>> mod_authn_default and mod_authz_default, merging them into mod_auth, and
>> moving the directives from mod_auth_basic and mod_auth_digest into the
>> common mod_auth.
>> 
>> Mod_auth would further include all of the hooks, and be the common
>> module that all other mod_auth_foo, authn and authz modules require.
>> 
>> Does that make any sense?  I'm certain you will have users misconfigure
>> the 'backstop' modules (_default flavors) resulting in insecure servers.
>> If the 'backstop' _default auth handlers are always loaded as part of
>> the core mod_auth, users will have far fewer problems.
> 
> I almost like this, but I wouldn't put it mod_auth.  I would put them in
> the core.  The core server has always been the location for our default
> functions.

why don't you do what we do in mod_core & mod_proxy
just create a 'mod_auth' with the common functions and have mod_auth_XYZ
just hook into that
> 
> Ryan
> 
> 
> _______________________________________________________________________________
> Ryan Bloom                        	rbb@apache.org 550 Jean St
> Oakland CA 94610
> -------------------------------------------------------------------------------

Mime
View raw message