httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Authz refactoring discussion (was: Re: svn commit: r354141)
Date Tue, 06 Dec 2005 18:04:13 GMT

>>> On 12/6/2005 at 12:04:47 am, in message
<20051206070447.GV28636@scotch.ics.uci.edu>, justin@erenkrantz.com
wrote:
> On Mon, Dec 05, 2005 at 02:17:09PM -0700, Brad Nicholes wrote:
>> Ignoring SATISFY <whatever> for now, we still want each provider to
be
>> called in the listed order and whether authorization is GRANTED or
>> DENIED may not be known until each one has been called.  Until then
the
>> status is simply DECLINED.  We can assume that DENIED and DECLINED
mean
>> the same thing as long as we get rid of the AuthzXXXAuthoritative
>> directives.  If not then each authz module has to be able to
communicate
>> the difference between DECLINED and DENIED"
> 
> I do think we need to get rid of Authoritative, yes.
> 

Good, then I am +1 on the authz providers only returning AUTHZ_GRANTED
or AUTHZ_DENIED.  I don't see a need for anything else.


> I'd prefer slapping 'core' on their names than leaving an
undecorated
> 'mod_authn' here.  Another alternative would be to just have them
both in
> 'mod_auth_core'.
> 
> Even if it were split out, mod_authn_core really wouldn't perform too
much
> heavy lifting as the basic/digest mechanisms do the heavy lifting
w.r.t.
> authn providers.  But, for authz, because no one really 'owns'
require or
> satisfy, a mod_authz/mod_authz_core would do most of the provider
> invocations - unless we can come up with a better module ownership of
the
> 'core' authz directives.  -- justin

I'm good with mod_authn_core and mod_authz_core.  Since I already added
mod_authn.c and mod_authz.c to SVN I'm not sure how to rename them. 
Could you rename the files in SVN and I'll take care of the rest.

Brad

Mime
View raw message