httpd-dev mailing list archives

From Justin Erenkrantz <jus...@erenkrantz.com>
Subject Re: Multiple AAA providers
Date Fri, 04 Mar 2005 17:14:08 GMT
--On Friday, March 4, 2005 8:56 AM -0700 Brad Nicholes 
<BNICHOLES@novell.com> wrote:

> Actually I think the better syntax would be:
>
> <AuthProviderAlias ldap Myldap1>
>    ...config options for mod_authnz_ldap...
> </AuthProviderAlias>
>
> <AuthProviderAlias ldap Myldap2>
>    ...config options for mod_authnz_ldap...
> </AuthProviderAlias>
>
> <AuthProviderAlias file Myfile1>
>    ...config options for mod_auth...
> </AuthProviderAlias>
>
> <Location /foo1>
>    AuthProvider Myldap1 Myfile1
>    ...Other config options...
> </Location>
> <Location /foo2>
>    AuthProvider Myldap2 Myfile1
>    ...Other config options...
> </Location>
> <Location /foo3>
>    AuthProvider Myldap1 Myldap2
>    ...Other config options...
> </Location>
>
> This would allow you to mix-match-reuse-redefine auth configurations
> anywhere you like.  I haven't thought this through completely from an
> implementation standpoint, but by moving the provider definitions into
> mod_auth_basic and then extending the framework for handling multiple
> provider definitions into the providers themselves, I think we can come
> out with something very useful and reusable.

Actually, I think we could move this into a (new) mod_authn_alias/config or 
something and make it generic - tying it into mod_auth_basic would mean it 
couldn't be used by mod_auth_digest.  The key here from the implementation 
perspective is that we would know what the 'real' provider name is as well 
- so we wouldn't have to tie it to the module.  mod_authn_alias would 
register a 'fake' provider that merges the auth's per_dir_config before 
executing the 'real' provider.

So, yah, I like this.  -- justin
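
The aliasing idea discussed above, as a small stand-alone C model added for illustration; it is not code from this message or from httpd. Every type and function name in it is hypothetical, the credentials are constructed sample data, and the rule that only a "user not found" result falls through to the next provider is an assumption of the model.

```c
/* Added illustration; every name here is hypothetical, none is httpd API. */
#include <string.h>
typedef enum { AUTH_DENIED, AUTH_GRANTED, AUTH_USER_NOT_FOUND } authn_status;
typedef authn_status (*check_fn)(const char *conf, const char *user, const char *pw);
typedef struct { const char *name; check_fn check; } provider;
typedef struct { const char *alias, *real, *conf; } alias_def;

/* Stand-in backend: conf is a constructed "user:pw,user:pw" list. */
static authn_status lookup(const char *conf, const char *user, const char *pw) {
    size_t ulen = strlen(user);
    for (const char *p = conf; p && *p; ) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len > ulen && p[ulen] == ':' && strncmp(p, user, ulen) == 0) {
            size_t plen = len - ulen - 1;
            return (strlen(pw) == plen && memcmp(p + ulen + 1, pw, plen) == 0)
                       ? AUTH_GRANTED : AUTH_DENIED;
        }
        p = end ? end + 1 : NULL;
    }
    return AUTH_USER_NOT_FOUND;
}

static const provider real_providers[] = { {"ldap", lookup}, {"file", lookup} };
static const alias_def aliases[] = {          /* constructed sample config */
    {"Myldap1", "ldap", "alice:a1"},
    {"Myldap2", "ldap", "bob:b2"},
    {"Myfile1", "file", "carol:c3"},
};

/* The 'fake' provider: find the alias, hand its config to the 'real' one. */
static authn_status alias_check(const char *alias, const char *user, const char *pw) {
    for (size_t i = 0; i < sizeof aliases / sizeof *aliases; i++)
        for (size_t j = 0; j < sizeof real_providers / sizeof *real_providers; j++)
            if (!strcmp(aliases[i].alias, alias) &&
                !strcmp(aliases[i].real, real_providers[j].name))
                return real_providers[j].check(aliases[i].conf, user, pw);
    return AUTH_DENIED;                       /* unknown alias: fail closed */
}

/* "AuthProvider A B": try in order; only 'user not found' falls through. */
authn_status check_location(const char *const *chain, size_t n,
                            const char *user, const char *pw) {
    for (size_t i = 0; i < n; i++) {
        authn_status s = alias_check(chain[i], user, pw);
        if (s != AUTH_USER_NOT_FOUND) return s;
    }
    return AUTH_DENIED;
}
```

Myldap1 and Myldap2 share one real provider but carry different settings, which is what lets a location such as /foo3 chain two instances of the same backend.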
