httpd-dev mailing list archives

From Paul Querna <c...@force-elite.com>
Subject Re: proposed authz rewrite (was:Re: Suggest renaming mod_authz_host to mod_access_host)
Date Mon, 28 Nov 2005 17:11:36 GMT
William A. Rowe, Jr. wrote:
> Justin Erenkrantz wrote:
>> On Mon, Nov 28, 2005 at 08:33:14AM -0700, Brad Nicholes wrote:
>>
>>> other AuthXXXProvider that may come along in the future.  Does anybody
>>> see a need to keep AuthType around at all under the new authentication
>>> architecture?
>
> You need to be able to specify Basic or Digest, no?
>
> I'm wondering if it doesn't make sense to have two different 'hooks', one
> for basic, one for digest.  Most providers would implement basic.  Some who
> can handle digests could implement digest.  Then the authn store could be
> independent of protocol.
>
> Some, such as auth_pam, clearly couldn't support digest, but others (I can
> even envision a ldap solution) which the server can query for a hash key,
> could.

There are already two AuthN providers:
from modules/aaa/mod_auth.h:

typedef struct {
    /* Given a username and password, expected to return AUTH_GRANTED
     * if we can validate this user/password combination.
     */
    authn_status (*check_password)(request_rec *r, const char *user,
                                  const char *password);

    /* Given a user and realm, expected to return AUTH_USER_FOUND if we
     * can find a md5 hash of 'user:realm:password'
     */
    authn_status (*get_realm_hash)(request_rec *r, const char *user,
                                   const char *realm, char **rethash);
} authn_provider;


No need to make separate hooks.  Any backend that doesn't support digest 
just sets the get_realm_hash to NULL.

-Paul
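
Added example, not part of the original message and not httpd source: a sketch of the convention described above, where a password-only backend leaves get_realm_hash NULL and the Digest-side caller checks the slot before calling through it. The request_rec and authn_status stand-ins, both backends, the credentials and digest_lookup are assumptions made so the block compiles on its own.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for httpd's types so the example compiles alone (assumptions). */
typedef struct request_rec request_rec;
typedef enum { AUTH_DENIED, AUTH_GRANTED, AUTH_USER_FOUND,
               AUTH_USER_NOT_FOUND, AUTH_GENERAL_ERROR } authn_status;

typedef struct {
    authn_status (*check_password)(request_rec *r, const char *user,
                                   const char *password);
    authn_status (*get_realm_hash)(request_rec *r, const char *user,
                                   const char *realm, char **rethash);
} authn_provider;

/* Hypothetical backend that can only verify a password (PAM-like). */
static authn_status pw_check(request_rec *r, const char *user,
                             const char *password)
{
    (void)r;  /* constructed credentials, for the demo only */
    if (strcmp(user, "alice") != 0) return AUTH_USER_NOT_FOUND;
    return strcmp(password, "example-pw") == 0 ? AUTH_GRANTED : AUTH_DENIED;
}
const authn_provider pw_only = { pw_check, NULL };  /* no Digest support */

/* Hypothetical backend that stores an md5 hash of 'user:realm:password'. */
static authn_status file_hash(request_rec *r, const char *user,
                              const char *realm, char **rethash)
{
    static char stored[] = "00112233445566778899aabbccddeeff"; /* placeholder */
    (void)r; (void)realm;
    if (strcmp(user, "alice") != 0) return AUTH_USER_NOT_FOUND;
    *rethash = stored;
    return AUTH_USER_FOUND;
}
const authn_provider hash_capable = { pw_check, file_hash };

/* Digest-side dispatch: fail closed when the slot is NULL instead of
 * calling through a null function pointer. */
authn_status digest_lookup(const authn_provider *p, request_rec *r,
                           const char *user, const char *realm, char **hash)
{
    *hash = NULL;
    if (p == NULL || p->get_realm_hash == NULL)
        return AUTH_GENERAL_ERROR;   /* backend cannot serve Digest */
    return p->get_realm_hash(r, user, realm, hash);
}
```

Because the NULL slot is the only capability signal, every caller on the Digest path has to make this check; a configuration that pairs Digest with a password-only backend should end in an error result, not a crash.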

