httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: Multiple AAA providers
Date Mon, 07 Mar 2005 16:11:01 GMT
I believe that we are talking about coding at the provider layer (ldap,
file, etc.).  The problem here is that I am not sure what the following
means:

>> [ ] Implement globally across schemes and providers
>>     Single <AuthConfig xxx> directive, but as it's not in the
scheme
>>     which iterates the providers, control isn't as fine-grained.

But I do know what this means:

>  [ ] Implement across providers
>      Single <AuthProviderAlias real-provider-name alias> directive.

If they are saying the same thing then we might all be on the same
page.  Now would be a great time to have one of those white board
discussions like we have at ApacheCon :).  I would like to see us
implement a syntax that can be reused as I suggested earlier.  An
<AuthProviderAlias ...> tag would allow for that.  I am -1 to Bill's
original proposal mainly because each use of an auth module requires
that it be reconfigured within it's <Location> even if the
configurations across <Locations> are identical.   If Bill's original
proposal was reworked to pull the <AuthConfig> out of the <Location>
scope and allow it to be reused as an alias, then I am +1.

Brad

>>> wrowe@rowe-clan.net Sunday, March 06, 2005 11:16 PM >>>
At 12:03 PM 3/6/2005, Justin Erenkrantz wrote:
>On Sat, Mar 05, 2005 at 10:59:30PM -0600, William A. Rowe, Jr. wrote:
>> Ok, as Justin and I are in significant disagreement ... to
summarize;
>> 
>> we (collectively) would like to see some mechanism for multiple
>> configurations of the same 'provider' (defined above).  There are
>> logically three places this can happen, so as a straw poll, would
>> those interested in *coding* auth schemas please vote (end users,
>> our choice will be transparent enough to you that we prefer the
>> developers to indicate their preferences.)
>> 
>> [ ] Implement in each provider (e.g. mod_authnz_ldap,
mod_authn_file)
>>     Different <AuthLdapConfig xxx> <AuthFileConfig zzz> sections
>> 
>> [ ] Implement in each scheme (e.g. basic, digest)
>>     Different <AuthBasicConfig xxx> <AuthDigestConfig zzz> sections
>> 
>> [ ] Implement globally across schemes and providers
>>     Single <AuthConfig xxx> directive, but as it's not in the
scheme
>>     which iterates the providers, control isn't as fine-grained.
>
>These choices overlook Brad's suggestion, which I still think is the
best:
>
>  [ ] Implement across providers
>      Single <AuthProviderAlias real-provider-name alias> directive.

I did not overlook it.

What layer do you propose to code it at?



Mime
View raw message