httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: [Fwd: Re: svn commit: r466865 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_authn_dbd.xml modules/aaa/mod_auth.h modules/aaa/mod_authn_dbd.c modules/aaa/mod_authnz_ldap.c]
Date Sun, 29 Oct 2006 14:47:00 GMT
Ruediger Pluem wrote:

> Yes, this is correct. It is set by AuthDBDUserPWQuery.
> 
>> What sql statement would correspond with "USER_" above?
> 
> The one set by AuthDBDUserRealmQuery. It is used inside
> 
> authn_dbd_realm
> 
> OK, USER_ might the wrong word, but we definitely have two possible different
> queries with possible the same field names which are put in the same environment
> namespace.

My understanding of the code is that either the realm query will get 
run, or the password query will get run - otherwise we would be checking 
the password twice.

AUTHENTICATE_ entries are only added to the environment for the second 
and subsequent columns in each query.

If two sql queries are being done, then the admin need only add the 
extra columns to one of the queries.

If this is ever a problem, the admin can simply give the second query 
different column names to the first, assuming there are two queries at all.

The point behind the AUTHENTICATE_ is that it is the same as that of 
mod_authnz_ldap. If you put the sql ones in different namespaces, then 
it seriously reduces the usefulness of putting this info in the 
environment, as users of this information now have to care which module 
did the authz and authn.

Regards,
Graham
--

Mime
View raw message