httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Multiple AAA providers
Date Fri, 04 Mar 2005 17:27:07 GMT
At 11:14 AM 3/4/2005, Justin Erenkrantz wrote:
>--On Friday, March 4, 2005 8:56 AM -0700 Brad Nicholes <BNICHOLES@novell.com> wrote:
>
>>Actually I think the better syntax would be:
>>
>><AuthProviderAlias ldap Myldap1>
>>   ...config options for mod_authnz_ldap...
>></AuthProviderAlias>
>>
>><AuthProviderAlias ldap Myldap2>
>>   ...config options for mod_authnz_ldap...
>></AuthProviderAlias>
>>
>><AuthProviderAlias file Myfile1>
>>   ...config options for mod_auth...
>></AuthProviderAlias>

Seems <AuthAlias file Foo> would be simpler to grok and less simple
to mistype.

>>This would allow you to mix-match-reuse-redefine auth configurations
>>anywhere you like.

I agree provided

<Location /foo>
    <AuthAlias ldap ldap1>

<Location /foo/secure>
    <AuthAlias ldap ldap1>

does the right thing for /foo/secure/... and it's trivial enough
to make sure that happens.      

>Actually, I think we could move this into a (new) mod_authn_alias/config or something
and make it generic

Hmmm Hmmm... yup, that's what I did...

>- tieing it into mod_auth_basic would mean it couldn't be used by mod_auth_digest.

but you lose the control offered by AuthBasicProvider ... that was
a good suggestion.

>mod_authn_alias would register a 'fake' provider that merges the auth's per_dir_config
before executing the 'real' provider.

yup, that's what mod_auth_config did.  However, mod_auth_config;

 1. invokes auth for the local directives (not <Auth> sectioned)

 2. invokes auth for all <Auth> sections.

providing the explicit list in AuthBasicProvider would ensure we walk
the provider configs correctly.





Mime
View raw message