httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: Auth*Authoritative
Date Tue, 15 Nov 2005 21:12:44 GMT

Justin Erenkrantz wrote:

> The ordering/implications is now governed by either the provider lists 
> (as specified in the Auth*Provider directives) or the hooks (as per 
> Auth*Authoritative if a module doesn't participate in the new provider 
> scheme).
> The provider system is, IMHO, a far cleaner way of resolving the 
> Auth*Authoritative issues; but is maintained for legacy purposes for 
> Authentication or for the Authorization system which hasn't been touched 
> with the Provider system.  -- justin

Getting closer, but I'm still confused.

The Auth*Provider directives make sense to me for choosing which 
mod_authn_* module will get a crack at doing authentication.  But there 
are two other ordering problems: mod_auth_basic versus mod_auth_digest 
and the mod_authz_* modules in the authorization phase.  It seems that 
these are where the Auth*Authoritative directives apply, and that there 
is no way (short of code editing) to do explicit ordering on these.  Is 
this correct?

(Yes, I could go read the code to answer these questions.  But I'm lazy, 
and I believe that an ordinary user *should* be able to figure this out 
from the docs.)


View raw message