httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <>
Subject Re: Auth: Start the httpd-2.1 branch finally?
Date Sun, 13 Oct 2002 21:36:37 GMT
--On Sunday, October 13, 2002 3:59 AM -0700 Greg Stein 
<> wrote:

> The API *is* stable. The auth changes did nothing to the API except
> to expand it a bit for *new* auth systems. Existing auth modules are
> unaffected.

Exactly - we only reorganized our aaa modules.  No hooks or APIs were 
modified.  Third-party aaa modules require no changes - in fact, our 
own experimental auth_ldap hasn't been converted (mainly because it 
is so many files).

> There were some directive changes, and certainly some different
> modules to load, but nothing in the API department. Moreover, I
> think we can deal with the directives and create some kind of
> backwards-compat stuff. It is just that I'm not entirely sure what
> got dropped and added yet. The modules are a bit tougher. We could
> potentially fix it with hacks to the module loading stuff to key
> off the old names and load the new stuff, but that just feels
> fugly...

My belief is that the only change is in the *Authoritative directives 
- we're now more granular as we can selectively control 
authoritativeness on authn and authz modules.  There are also some 
gotchas on the LoadModule lines, but, like you, I'm not really sure 
what we can do about that.  I think the best thing to do is to 
document the module renames.

And, solutions like adding back mod_access or mod_auth can't work 
since we do not allow modules to share directives - therefore, there 
will be confusion internally about which modules should handle the 
authorization when both are loaded.  That's badness.  -- justin

View raw message