httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: authn, authz and access. oh my.
Date Fri, 04 Nov 2005 09:05:53 GMT
Brandon Fosdick wrote:

> Noobie question...what's the difference between authentication,
 > authorization and access?

Authentication asks "is this user who they say they are", this stage 
usually involves a username and password of some sort, or a certificate, 
etc.

Authorisation asks "is this user allowed to access this resource". Here 
the "require" directive specifies whether just being known to the system 
is enough, or whether further group membership is required.

 From a module perspective these two tasks are handled in two separate 
steps. Usually the second step relies on the first step, but it is still 
possible to be authenticated by one module (for example, an SSL 
certificate) and authorised by another module (for example, checking if 
the certificate DN is a member of an LDAP group).

Regards,
Graham
--

Mime
View raw message