httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: Execution of check_user_id and auth_checker for all requests in 2.3 vs. only those with AuthType
Date Thu, 02 Mar 2006 22:30:51 GMT
> {>>> On 3/2/2006 at 9:23:45 am, in message <44071C11.8010909@ukf.net>,

> maxb1@ukf.net 
> wrote:
> In httpd-2.2, the check_user_id and auth_checker hooks are only
invoked
>for requests to which both an AuthType and at least one Require
>directive apply.
>
>In httpd-2.3, the check_user_id and auth_checker hooks run
unconditionally.
>
>
>I'm seeking confirmation that the above is an intentional design
change.
>If it is, perhaps someone could add the text of the first two
paragraphs
>of this email to the "Module Developer Changes" section of
>'docs/manual/new_features_2_4.xml'.
>
>Thanks,
>Max.

  Yes that is true but it is much more that just how the hooks are
being called.  Both authentication in 2.2 and authorization in 2.3 have
been transformed into a provider based model.  That doesn't mean that
you can't still register for the hooks, but what it does mean is that in
order to follow the new authnz model and to take advantage of what it
offers, auth modules should be registering themselves as providers
instead.  If auth modules use the provider based mechanisms, they don't
have to worry about when or how the hooks are called.

Brad



Mime
View raw message