httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich Bowen <>
Subject Re: AuthProviderAlias and mod_authn_file
Date Tue, 05 Sep 2006 20:19:47 GMT

On Sep 5, 2006, at 11:49, Brad Nicholes wrote:

>    So it sounds like there are two questions being asked.  First,  
> what non-ldap usages are there for authnAlias and second why  
> doesn't the configuration below work?
>    I'll answer the second question first.  Given the configuration  
> block below, I don't know why it doesn't work.  I just retested the  
> same configuration and everything worked as expected.  The only  
> issue that I see is setting 'AuthBasicAuthoritative off'.  Since  
> there doesn't appear to be any other authentication type specified  
> (ie. digest), this directive should either be set to 'on' or  
> removed and left as default (which is also 'on').  The error  
> message that is showing up in the error_log is a result of the  
> default authn handler being hit as a last resort with no auth type  
> set as default.  BTW, given the configuration below, I was also  
> unable to duplicate the error message even with  
> AuthBasicAuthoritative set to 'on' which implies that there is  
> probably some other auth configuration somewhere that is conflicting.

I thought after I sent that I should mention that I tried various  
values for AuthBasicAuthoritative, because I am actually a little  
confused as to what this  means in the context of aliases. Which  
Alias is it saying is authoritative?

Anyways, I tried with it on and off, with identical results. I'll try  
this on a server with less going on, to see if there is some kind of  
conflict with something else that I'm doing.

>   To answer the first question, the non-ldap example given here is  
> a perfectly valid use of authnAlias.  Basically authnAlias can be  
> used to create extended providers that use the same base provider  
> but with different parameters.  Another possible example would be  
> authnDBD:
> <AuthnProviderAlias dbd dbd1>
>     AuthDBDUserPWQuery "select password from authn where username =  
> %s"
> </AuthnProviderAlias>
> <AuthnProviderAlias dbd dbd2>
>     AuthDBDUserPWQuery "select password from authn where  
> Aliasusername = %s"
> </AuthnProviderAlias>
> Of course you could craft a better SQL statement that would handle  
> both situations at the same time, but you get the point.  AuthAlias  
> just appears to be more useful with LDAP because configuring  
> authnzldap authentication usually requires more than a single  
> directive that defines authentication criteria (ie. ldap server,  
> bind user and password).

Thanks, this is a useful example.

They went to sea in a sieve, they did
In a sieve they went to see

View raw message