httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: authz: file-group ugliness
Date Tue, 25 Oct 2005 16:09:16 GMT
   Explain this a little further because I am a little confused.  What
do you intend to happen when a directive like:

require group ldap:foo dbm:bar bash

is issued?  The problem here is the confusion as to which module is
handling 'group'.  In order for this to work, every authorization type
needs to be unique which probably means that they need to be prefixed
with the authorization handler name

require file-group  somefilegroup
require ldap-group cn=someldapgroup,o=whatever
require dbm-group somedbmgroup

Then as we discussed a few weeks back, Satisfy <any|all> would have to
be refactored to deal with authorization types rather than just the
basic access control.

Or am I missing something??

Brad

>>> On 10/25/2005 at 9:47:31 am, in message
<435E5393.6050607@rowe-clan.net>,
wrowe@rowe-clan.net wrote:
> 
> Or not... why not
> 
>    require group ldap:foo dbm:bar bash
> 
> where bash would be a match against any provider, while foo would be

> specific
> to ldap, and bar would be specific to dbm?

Mime
View raw message