--On Sunday, October 13, 2002 3:59 AM -0700 Greg Stein
<gstein@lyra.org> wrote:
> The API *is* stable. The auth changes did nothing to the API except
> to expand it a bit for *new* auth systems. Existing auth modules are
> unaffected.
Exactly - we only reorganized our aaa modules. No hooks or APIs were
modified. Third-party aaa modules require no changes - in fact, our
own experimental auth_ldap hasn't been converted (mainly because it
is so many files).
> There were some directive changes, and certainly some different
> modules to load, but nothing in the API department. Moreover, I
> think we can deal with the directives and create some kind of
> backwards-compat stuff. It is just that I'm not entirely sure what
> got dropped and added yet. The modules are a bit tougher. We could
> potentially fix it with hacks to the module loading stuff to key
> off the old names and load the new stuff, but that just feels
> fugly...
My belief is that the only change is in the *Authoritative directives
- we're now more granular as we can selectively control
authoritativeness on authn and authz modules. There are also some
gotchas on the LoadModule lines, but, like you, I'm not really sure
what we can do about that. I think the best thing to do is to
document the module renames.
And, solutions like adding back mod_access or mod_auth can't work
since we do not allow modules to share directives - therefore, there
will be confusion internally about which modules should handle the
authorization when both are loaded. That's badness. -- justin
|