From dev-return-35429-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org Thu Jan 02 22:24:56 2003
Return-Path: <dev-return-35429-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 92346 invoked by uid 500); 2 Jan 2003 22:24:56 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 92333 invoked from network); 2 Jan 2003 22:24:55 -0000
From: =?ISO-8859-1?Q?Andr=E9?= Malo <nd@perlig.de>
Subject: Re: cvs commit: httpd-2.0/modules/aaa mod_authn_dbm.c
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Organization: TIMTOWTDI
References: <20030101040826.38693.qmail@icarus.apache.org>
 <n2m-g.gw1trlcybsty$ndparker@news.perlig.de>
 <n2m-g.gw1trlcybsty$ndparker@news.perlig.de>
 <2147483647.1041451240@[10.0.1.9]>
Date: Thu, 2 Jan 2003 23:22:10 +0100
To: dev@httpd.apache.org
Message-ID: <n2m-g.106lu7694in46$ndparker@news.perlig.de>
User-Agent: Yes!
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

* Justin Erenkrantz wrote:

> --On Wednesday, January 1, 2003 7:21 PM +0100 Andr=E9 Malo
> <nd@perlig.de> wrote:
>=20
>> - do some magic, i.e. if AuthType digest then use "$user" and
>> "$user:$realm" as lookup key (in which order?)
>>
>> - make it configurable (additional argument to AuthDBMGroupFile?)
>>
>> - consider a provider mechanism for authorization modules, too?
>>
>> My favourites are the second or third option :)
>> better ideas?
>=20
> I would probably implement choice one for now.  ($user:$realm first,
> then $user.)

ok. then I'm doing so.

> Note that I always planned on adding a provider mechanism for
> authorization modules, but somehow got sidetracked on that.  But,
> yeah, that should definitely happen, too.  =3D)

I'm not quite sure where this should happen. Core management or a new=20
module mod_authz?

> (Choice 2 doesn't make
> a whole lot of sense to me.)

hmm, the user should know best, what his groupfile contains. But this may=
=20
be a wrong assumption ;-)

Another point:

mod_authn_default.c, mod_authz_dbm.c, mod_authz_default.c,=20
mod_authz_groupfile.c and mod_authz_user.c all point to=20
ap_note_basic_auth_failure. I think, now it's time to let them call=20
ap_note_auth_failure directly - right?

nd
--=20
die (eval q-qq[Just Another Perl Hacker
]
;-)
# Andr=E9 Malo, <http://www.perlig.de/> #