httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo>
Subject [PATCH]es - some thoughts about the auth modules
Date Sun, 08 Dec 2002 14:16:54 GMT
while cleaning up the 2.1 auth docs, some things bubbled up, that are worth 
to patch, imho :) If all patches are applied, applying them in the 
described order should work. But before a general question: What's the 
reason, that Auth*Provider cannot be determined in .htaccess files?
The worst case would be a 500, similar to the usage of AuthDBM* directives, 
if no mod_authn_dbm is configured, so I see no problem in .htaccess-allowed 
*Provider directives.

- yesno.diff
there is some confusion with "yes" and "no" and "on" and "off"... ;-)
By the way: the AccessAuthoritative directive in mod_authz_default is 
wrong-named, isn't it? I think, it should be AuthzDefaultAuthoritative.
No patch for this, because trivial ;-)

- authoritative.diff:
when asking the providers for authentication, the main loop should not only 
break, if access is granted. It should also break, if access was *denied* 
by one provider. To be safe, it has to break also, if an error occured. So 
the patch turns the condition around and continues only, if the user was 
not found.
I find it also weird, that if auth was denied (by password usually), the 
AuthBasicAuthoritative behaviour can override that by "passing to lower 
modules". The patch changes that behaviour, too.

- null.diff:
outch. there are some possible NULL pointer references. Have you ever tried 
AuthDigestProvider dbm? This results in a great kaboom. The patch makes 
apache throw an error, if someone tries a provider, that doesn't support 
the particular auth scheme.

- anon2p.diff
mod_authn_anon should be a provider, too, shouln't it? this patch resolves 
that. That drops the Anonymous_Authoritative directive, of course.
By the way, is now the time to give the anon directives a better face? ;-))

>kann mir jemand sagen, was genau @-Domains sind?
Ein Mythos. Ein Werbetrick. Verarsche. Nenn es wie du willst...

                 -- Alexandra Buss und Björn Höhrmann in dciwam

View raw message