httpd-dev mailing list archives

From "Brad Nicholes" <>
Subject Re: Change in how to configure authorization
Date Mon, 13 Feb 2006 15:26:39 GMT
>>> On 2/10/2006 at 5:58:43 pm, in message
<>, wrote:
> Joshua Slive wrote:
>> On 1/26/06, Ian Holsman <> wrote:
>>>Hi Joshua:
>>> has the new structure
>>>httpd-std.conf (the one I was looking at) didn't ;(
>> Hmmm... httpd-std.conf doesn't exist in trunk.
> Just ran into this and couldn't quite believe what I was seeing.
> I have a similar config on a server and basically unless you're very
> careful you end up shutting people out! This change in auth seems to
> make no sense to me.
> It's adding a lot of complexity to config files. Do we really need to
> make this change? Really?
> At the very least can someone please document how config files need to
> be changed... And no, I don't think having it in a sample config file is
> enough.
> davi

Yes, we do need to make this change.  With the provider-based
rearchitecting of authentication in httpd 2.2, this left authorization
in an unpredictable state especially when using multiple authorization
types.  You were never quite sure which one was going to happen first
and had no way to order them or control them.  With that, there was also
a growing demand to be able to apply AND/OR logic to the way in which
authorization is applied.  So basically this change brings authorization
up to the same level of power and flexibility that currently exists in
httpd 2.2 for authentication.  Hence being new functionality, there
are bound to be bugs that need to be fixed, especially with backwards
compatibility.  So let's get the bugs identified and fixed.

