httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brandon Fosdick <>
Subject authn, authz and access. oh my.
Date Fri, 04 Nov 2005 05:38:48 GMT
As if the old system wasn't hard enough to wrap one's head around. Just when I had it figured
out enough to go and write mod_auth_userdir you guys go and change things on me.

BTW, when did this change? I've been lurking on this list since July and have only recently
heard about this. Was it a secret or did I miss it?

Noobie question...what's the difference between authentication, authorization and access?
At least in terms of the module interface. Or in other words, how much rewriting do I need
to do?

I'm looking at my config file for a DAV only server, and the only reason to include the old
mod_access (now mod_authz_host?) was for the default deny all applied to the root directory.
Do I really need that? Does the server really allow access to everything if not explicitly
told otherwise? I'm going for a minimal config so I'd like to take out any unnecessary modules.

I couldn't come up with a better name for mod_auth_userdir. Its supposed to authenticate against
the database for mod_dav_userdir, but mod_auth_dav_userdir seemed too cumbersome. What should
I call it now, given this new framework?

Also...I was originally toying with the idea of folding auth[n|z|?] stuff into mod_dav_userdir,
just to have it all taken care of in one place. Any thoughts on that idea? Feasible? Bad news?

View raw message