httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <>
Subject Authz refactoring discussion (was: Re: svn commit: r354141)
Date Tue, 06 Dec 2005 18:04:13 GMT

>>> On 12/6/2005 at 12:04:47 am, in message
> On Mon, Dec 05, 2005 at 02:17:09PM -0700, Brad Nicholes wrote:
>> Ignoring SATISFY <whatever> for now, we still want each provider to
>> called in the listed order and whether authorization is GRANTED or
>> DENIED may not be known until each one has been called.  Until then
>> status is simply DECLINED.  We can assume that DENIED and DECLINED
>> the same thing as long as we get rid of the AuthzXXXAuthoritative
>> directives.  If not then each authz module has to be able to
>> the difference between DECLINED and DENIED"
> I do think we need to get rid of Authoritative, yes.

Good, then I am +1 on the authz providers only returning AUTHZ_GRANTED
or AUTHZ_DENIED.  I don't see a need for anything else.

> I'd prefer slapping 'core' on their names than leaving an
> 'mod_authn' here.  Another alternative would be to just have them
both in
> 'mod_auth_core'.
> Even if it were split out, mod_authn_core really wouldn't perform too
> heavy lifting as the basic/digest mechanisms do the heavy lifting
> authn providers.  But, for authz, because no one really 'owns'
require or
> satisfy, a mod_authz/mod_authz_core would do most of the provider
> invocations - unless we can come up with a better module ownership of
> 'core' authz directives.  -- justin

I'm good with mod_authn_core and mod_authz_core.  Since I already added
mod_authn.c and mod_authz.c to SVN I'm not sure how to rename them. 
Could you rename the files in SVN and I'll take care of the rest.


View raw message