httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Max Bowsher <>
Subject Re: Execution of check_user_id and auth_checker for all requests in 2.3 vs. only those with AuthType
Date Fri, 03 Mar 2006 13:20:57 GMT
Hash: SHA1

Max Bowsher wrote:
>> In httpd-2.2, the check_user_id and auth_checker hooks are only 
>> invoked for requests to which both an AuthType and at least one
>> Require directive apply.
>> In httpd-2.3, the check_user_id and auth_checker hooks run
>> unconditionally.
>> I'm seeking confirmation that the above is an intentional design 
>> change. If it is, perhaps someone could add the text of the first
>> two paragraphs of this email to the "Module Developer Changes"
>> section of 'docs/manual/new_features_2_4.xml'.

Brad Nicholes wrote:
>   Yes that is true but it is much more that just how the hooks are
> being called.  Both authentication in 2.2 and authorization in 2.3 have
> been transformed into a provider based model.  That doesn't mean that
> you can't still register for the hooks, but what it does mean is that in
> order to follow the new authnz model and to take advantage of what it
> offers, auth modules should be registering themselves as providers
> instead.  If auth modules use the provider based mechanisms, they don't
> have to worry about when or how the hooks are called.

Thanks for the confirmation.
Yes, I'm aware of the provider model. However, there are some modules,
e.g. mod_authz_svn, which have some functionality that does not fit
within the provider model. The change in hook behaviour is still
relevant to developers of such modules, so it would be nice to mention
it in the developer section of the "New in 2.3/2.4" document.


Version: GnuPG v1.4.1 (Cygwin)


View raw message