Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 11539 invoked from network); 26 Nov 2005 23:28:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 26 Nov 2005 23:28:44 -0000 Received: (qmail 59640 invoked by uid 500); 26 Nov 2005 23:28:39 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 59473 invoked by uid 500); 26 Nov 2005 23:28:38 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 58245 invoked by uid 99); 26 Nov 2005 23:28:31 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 Nov 2005 15:28:30 -0800 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [137.65.81.172] (HELO lucius.provo.novell.com) (137.65.81.172) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 Nov 2005 15:29:56 -0800 Received: from INET-PRV1-MTA by lucius.provo.novell.com with Novell_GroupWise; Sat, 26 Nov 2005 16:28:04 -0700 Message-Id: <43888D07020000AC0000625A@lucius.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 7.0 Date: Sat, 26 Nov 2005 16:27:50 -0700 From: "Brad Nicholes" To: , Subject: Re: proposed authz rewrite (was:Re: Suggest renaming mod_authz_host to mod_access_host) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 500/1000/N >>> justin@erenkrantz.com >>> >On Sat, Nov 26, 2005 at 10:56:23AM -0700, Brad Nicholes wrote: >> Speaking of authz rewrite, currently the directives 'authtype', >> 'authname' and 'require' are all implemented in the core module. This >> just doesn't seem like the right place for them so I am considering >> moving the directives to mod_authz_host. This will also facilitate the >> conversion of the 'require' directive into a provider vector for >> authorization which is the next step. Unfortuately the values for these >> directives are stored in the core module struct and are still tied into >> core. So the first stage will probably just leave the values there >> until they can be cleanly broken out when 'satisfy' is also reworked. >> >> comments? > >+1 to moving as much of it out of server/ into modules/aaa/. However, >I'm not sure that moving all of them into mod_authz_host makes sense >either just yet. > >AuthType and AuthName have more to do with authentication, not >authorization - right? (We couldn't have picked worse directive names!) >Could they move into mod_auth_basic? Or, should we create a mod_auth_core? >(AuthType governs the selection of basic/digest and AuthName presents >the realm name given to the browser for authentication.) > >Moving require to mod_authz_host could make sense. Yet, it could also >make sense to move require directive handling to a 'mod_authz_core' or a >'mod_auth_core' as well. -- justin Your right, it probably doesn't make sense to move AuthType and AuthName into mod_authz_host. I was trying to find an existing module to move this stuff into rather than creating another. The problem that I see us heading for is Auth module overload. If we create yet another auth module, a user would need to load 5 modules (mod_auth_core, mod_auth_basic/digest, mod_authz_host, mod_authn_file, mod_authz_user) just to get basic file based authentication up and working. I guess I would rather have authtype and authname left in mod_core than create another auth module. Brad