Return-Path: 
 <dev-return-46359-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 77363 invoked from network); 4 Mar 2005 17:31:22 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 4 Mar 2005 17:31:21 -0000
Received: (qmail 33603 invoked by uid 500); 4 Mar 2005 17:31:07 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 33471 invoked by uid 500); 4 Mar 2005 17:31:07 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 33284 invoked by uid 99); 4 Mar 2005 17:31:06 -0000
X-ASF-Spam-Status: No, hits=0.1 required=10.0
	tests=FORGED_RCVD_HELO
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: local policy)
Received: from marlborough.concentric.net (HELO marlborough.cnchost.com)
 (207.155.248.14)
  by apache.org (qpsmtpd/0.28) with ESMTP; Fri, 04 Mar 2005 09:31:04 -0800
Received: from rcsv650.rowe-clan.net (c-24-13-128-132.client.comcast.net
 [24.13.128.132])
	by marlborough.cnchost.com
	id MAA13799; Fri, 4 Mar 2005 12:31:02 -0500 (EST)
	[ConcentricHost SMTP Relay 1.17]
Errors-To: <wrowe@rowe-clan.net>
Message-Id: <6.2.1.2.2.20050304112130.07438560@pop3.rowe-clan.net>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Fri, 04 Mar 2005 11:27:07 -0600
To: dev@httpd.apache.org
From: "William A. Rowe, Jr." <wrowe@rowe-clan.net>
Subject: Re: Multiple AAA providers
Cc: dev@httpd.apache.org, minfrin@sharp.fm
In-Reply-To: <69356DA08F7A1743E100AAE5@st-augustin.ics.uci.edu>
References: <s22822d7.025@sinclair.provo.novell.com>
 <69356DA08F7A1743E100AAE5@st-augustin.ics.uci.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

At 11:14 AM 3/4/2005, Justin Erenkrantz wrote:
>--On Friday, March 4, 2005 8:56 AM -0700 Brad Nicholes <BNICHOLES@novell.com> wrote:
>
>>Actually I think the better syntax would be:
>>
>><AuthProviderAlias ldap Myldap1>
>>   ...config options for mod_authnz_ldap...
>></AuthProviderAlias>
>>
>><AuthProviderAlias ldap Myldap2>
>>   ...config options for mod_authnz_ldap...
>></AuthProviderAlias>
>>
>><AuthProviderAlias file Myfile1>
>>   ...config options for mod_auth...
>></AuthProviderAlias>

Seems <AuthAlias file Foo> would be simpler to grok and less simple
to mistype.

>>This would allow you to mix-match-reuse-redefine auth configurations
>>anywhere you like.

I agree provided

<Location /foo>
    <AuthAlias ldap ldap1>

<Location /foo/secure>
    <AuthAlias ldap ldap1>

does the right thing for /foo/secure/... and it's trivial enough
to make sure that happens.      

>Actually, I think we could move this into a (new) mod_authn_alias/config or something and make it generic

Hmmm Hmmm... yup, that's what I did...

>- tieing it into mod_auth_basic would mean it couldn't be used by mod_auth_digest.

but you lose the control offered by AuthBasicProvider ... that was
a good suggestion.

>mod_authn_alias would register a 'fake' provider that merges the auth's per_dir_config before executing the 'real' provider.

yup, that's what mod_auth_config did.  However, mod_auth_config;

 1. invokes auth for the local directives (not <Auth> sectioned)

 2. invokes auth for all <Auth> sections.

providing the explicit list in AuthBasicProvider would ensure we walk
the provider configs correctly.