Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 4784 invoked from network); 2 Mar 2005 12:26:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 2 Mar 2005 12:26:54 -0000 Received: (qmail 52977 invoked by uid 500); 2 Mar 2005 12:26:51 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 52951 invoked by uid 500); 2 Mar 2005 12:26:50 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 52937 invoked by uid 99); 2 Mar 2005 12:26:50 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy) Received: from secure.exclamationlabs.net (HELO secure.exclamationlabs.net) (66.77.29.165) by apache.org (qpsmtpd/0.28) with ESMTP; Wed, 02 Mar 2005 04:26:49 -0800 Received: from [192.168.2.160] (pcp0010804675pcs.walngs01.pa.comcast.net [69.142.163.148]) (authenticated (0 bits)) by secure.exclamationlabs.net (8.11.6/8.11.6) with ESMTP id j22CQkp21323 for ; Wed, 2 Mar 2005 06:26:46 -0600 Message-ID: <4225B0F5.6010704@modperlcookbook.org> Date: Wed, 02 Mar 2005 07:26:29 -0500 From: Geoffrey Young User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040927 X-Accept-Language: en-us, en MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: Multiple AAA providers References: <6.2.1.2.2.20050228142137.07737eb0@pop3.rowe-clan.net><20050228210955.23366.qmail@mail.infinology.com><6.2.1.2.2.20050301000016.09d1cb70@pop3.rowe-clan.net><422413DA.50106@force-elite.com> <49679.67.138.149.162.1109684861.squirrel@67.138.149.162> <19396.196.8.104.37.1109686697.squirrel@www.sharp.fm> <42247D3D.2020909@ptc.com> <41839.196.8.104.37.1109688338.squirrel@www.sharp.fm> <42249D6C.2060103@ptc.com> <39952.196.8.104.37.1109755200.squirrel@www.sharp.fm> In-Reply-To: <39952.196.8.104.37.1109755200.squirrel@www.sharp.fm> X-Enigmail-Version: 0.86.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N > This functionality would be useful for more than just LDAP: you might want > to use two different flat file databases, or maybe you want to auth > someone in LDAP and someone else in SQL. > > This is really an AAA-wide question rather than an LDAP specific question. > > Anyone know how difficult this would be to do in the current AAA structure? I think we just need another status besides typedef enum { AUTH_DENIED, AUTH_GRANTED, AUTH_USER_FOUND, AUTH_USER_NOT_FOUND, AUTH_GENERAL_ERROR } authn_status something like AUTH_DECLINED, which would mean that the current provider is passing on doing the checking. code that into the provider loop and you're done. I can find the time to do this probably this week if justin or the other provider authors think it's a good idea. --Geoff