httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <bnicho...@novell.com>
Subject Re: proposed authz rewrite (was:Re: Suggest renaming mod_authz_host to mod_access_host)
Date Sat, 26 Nov 2005 23:27:50 GMT
>>> justin@erenkrantz.com  >>>
>On Sat, Nov 26, 2005 at 10:56:23AM -0700, Brad Nicholes wrote:
>>    Speaking of authz rewrite, currently the directives 'authtype',
>> 'authname' and 'require' are all implemented in the core module. 
This
>> just doesn't seem like the right place for them so I am considering
>> moving the directives to mod_authz_host.  This will also facilitate
the
>> conversion of the 'require' directive into a provider vector for
>> authorization which is the next step.  Unfortuately the values for
these
>> directives are stored in the core module struct and are still tied
into
>> core.  So the first stage will probably just leave the values there
>> until they can be cleanly broken out when 'satisfy' is also reworked.
>> 
>> comments?
>
>+1 to moving as much of it out of server/ into modules/aaa/.  However,
>I'm not sure that moving all of them into mod_authz_host makes sense
>either just yet.
>
>AuthType and AuthName have more to do with authentication, not
>authorization - right?  (We couldn't have picked worse directive
names!)
>Could they move into mod_auth_basic?  Or, should we create a
mod_auth_core?
>(AuthType governs the selection of basic/digest and AuthName presents
>the realm name given to the browser for authentication.)
>
>Moving require to mod_authz_host could make sense.  Yet, it could also
>make sense to move require directive handling to a 'mod_authz_core' or
a
>'mod_auth_core' as well.  -- justin

  Your right, it probably doesn't make sense to move AuthType and
AuthName into mod_authz_host.  I was trying to find an existing module
to move this stuff into rather than creating another.  The problem that
I see us heading for is Auth module overload.  If we create yet another
auth module, a user would need to load 5 modules (mod_auth_core,
mod_auth_basic/digest, mod_authz_host, mod_authn_file, mod_authz_user)
just to get basic file based authentication up and working.  I guess I
would rather have authtype and authname left in mod_core than create
another auth module.

Brad




Mime
View raw message