httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jus...@erenkrantz.com>
Subject Re: proposed authz rewrite (was:Re: Suggest renaming mod_authz_host to mod_access_host)
Date Sat, 26 Nov 2005 23:01:42 GMT
On Sat, Nov 26, 2005 at 10:56:23AM -0700, Brad Nicholes wrote:
>    Speaking of authz rewrite, currently the directives 'authtype',
> 'authname' and 'require' are all implemented in the core module.  This
> just doesn't seem like the right place for them so I am considering
> moving the directives to mod_authz_host.  This will also facilitate the
> conversion of the 'require' directive into a provider vector for
> authorization which is the next step.  Unfortuately the values for these
> directives are stored in the core module struct and are still tied into
> core.  So the first stage will probably just leave the values there
> until they can be cleanly broken out when 'satisfy' is also reworked.
> 
> comments?

+1 to moving as much of it out of server/ into modules/aaa/.  However,
I'm not sure that moving all of them into mod_authz_host makes sense
either just yet.

AuthType and AuthName have more to do with authentication, not
authorization - right?  (We couldn't have picked worse directive names!)
Could they move into mod_auth_basic?  Or, should we create a mod_auth_core?
(AuthType governs the selection of basic/digest and AuthName presents
the realm name given to the browser for authentication.)

Moving require to mod_authz_host could make sense.  Yet, it could also
make sense to move require directive handling to a 'mod_authz_core' or a
'mod_auth_core' as well.  -- justin

Mime
View raw message