Return-Path: 
 <dev-return-55256-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 61881 invoked from network); 29 Oct 2006 14:47:30 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 29 Oct 2006 14:47:30 -0000
Received: (qmail 53920 invoked by uid 500); 29 Oct 2006 14:47:38 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 53854 invoked by uid 500); 29 Oct 2006 14:47:38 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 53843 invoked by uid 99); 29 Oct 2006 14:47:38 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Oct 2006 06:47:38 -0800
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of minfrin@sharp.fm designates
 64.49.220.200 as permitted sender)
Received: from [64.49.220.200] (HELO chandler.sharp.fm) (64.49.220.200)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Oct 2006 06:47:25 -0800
Received: from chandler.sharp.fm (localhost [127.0.0.1])
	by chandler.sharp.fm (Postfix) with ESMTP id EAF33E5C80
	for <dev@httpd.apache.org>; Sun, 29 Oct 2006 08:47:04 -0600 (CST)
Received: from [192.168.200.34] (firstmarine.cust-gw.jnb6.alter.net
 [196.31.24.162])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by chandler.sharp.fm (Postfix) with ESMTP id 0465EE5302
	for <dev@httpd.apache.org>; Sun, 29 Oct 2006 08:47:02 -0600 (CST)
Message-ID: <4544BEE4.3040806@sharp.fm>
Date: Sun, 29 Oct 2006 15:47:00 +0100
From: Graham Leggett <minfrin@sharp.fm>
User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909)
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: [Fwd: Re: svn commit: r466865 - in /httpd/httpd/trunk: CHANGES
 docs/manual/mod/mod_authn_dbd.xml modules/aaa/mod_auth.h
 modules/aaa/mod_authn_dbd.c
 modules/aaa/mod_authnz_ldap.c]
References: <45432A53.9090009@apache.org> <4544A38F.6050108@sharp.fm>
 <4544B942.4030900@apache.org>
In-Reply-To: <4544B942.4030900@apache.org>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
 micalg=sha1; boundary="------------ms090405050005010003020702"
X-Virus-Scanned: ClamAV using ClamSMTP
X-Virus-Checked: Checked by ClamAV on apache.org

This is a cryptographically signed message in MIME format.

--------------ms090405050005010003020702
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Ruediger Pluem wrote:

> Yes, this is correct. It is set by AuthDBDUserPWQuery.
> 
>> What sql statement would correspond with "USER_" above?
> 
> The one set by AuthDBDUserRealmQuery. It is used inside
> 
> authn_dbd_realm
> 
> OK, USER_ might the wrong word, but we definitely have two possible different
> queries with possible the same field names which are put in the same environment
> namespace.

My understanding of the code is that either the realm query will get 
run, or the password query will get run - otherwise we would be checking 
the password twice.

AUTHENTICATE_ entries are only added to the environment for the second 
and subsequent columns in each query.

If two sql queries are being done, then the admin need only add the 
extra columns to one of the queries.

If this is ever a problem, the admin can simply give the second query 
different column names to the first, assuming there are two queries at all.

The point behind the AUTHENTICATE_ is that it is the same as that of 
mod_authnz_ldap. If you put the sql ones in different namespaces, then 
it seriously reduces the usefulness of putting this info in the 
environment, as users of this information now have to care which module 
did the authz and authn.

Regards,
Graham
--

--------------ms090405050005010003020702
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJNTCC
AvUwggJeoAMCAQICEHPerLP+yWp/U+jCFAQ0kGwwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE
BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDkyNzA5MDgxMloX
DTA3MDkyNzA5MDgxMlowXTEQMA4GA1UEBBMHTGVnZ2V0dDEPMA0GA1UEKhMGR3JhaGFtMRcw
FQYDVQQDEw5HcmFoYW0gTGVnZ2V0dDEfMB0GCSqGSIb3DQEJARYQbWluZnJpbkBzaGFycC5m
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMJQ9lruxyjmdilORMEwQnd+ZdrC
XSh5TZ/Tn/KQwFsH1ZYivHBF/lRFuy/X6AGq9EKmFI0kORoqZeatkEAZ5ocajDFxa7I8o8yk
DRJUJT9Iw0eCD4omrt4Ua+xsegLvVT2Neq0txvijDLuVsheVMi4l4+g3W2C1yPHgobZ3eIno
wyVyrTbPUbsSmilNpkjEEJOr0qnTEbf4FX8Qapd9Jm59vPfcqooKdiY9uDPp00nwbb1xFDtN
oQikIAihFVX+EzAbhR78AGPPbDyxn9uExjfOQT46JsCaZu54VI91YLF8EgQTD8DyWe7ZiMfw
jqP2Ro1ALmS+VLFOU4LNfFbzaVUCAwEAAaMtMCswGwYDVR0RBBQwEoEQbWluZnJpbkBzaGFy
cC5mbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBALHl5riB6yi4w7SD9AWr7FJq
AKQ5ICk/A3xRr3l+ZHw5ZLO2uFMgT2ZKiORLAkhsqVjGhsEZgXG1BEc/Pk9B3mCYYu6nyB0n
rRUzR7RVeOkOVqG8qBhZ4z/ItQAxHLk30g7S7QNbuTCeWqVVXxcaXmeBvC67s/OQICyRIFRg
aKtJMIIC9TCCAl6gAwIBAgIQc96ss/7Jan9T6MIUBDSQbDANBgkqhkiG9w0BAQUFADBiMQsw
CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoG
A1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDYwOTI3MDkw
ODEyWhcNMDcwOTI3MDkwODEyWjBdMRAwDgYDVQQEEwdMZWdnZXR0MQ8wDQYDVQQqEwZHcmFo
YW0xFzAVBgNVBAMTDkdyYWhhbSBMZWdnZXR0MR8wHQYJKoZIhvcNAQkBFhBtaW5mcmluQHNo
YXJwLmZtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlD2Wu7HKOZ2KU5EwTBC
d35l2sJdKHlNn9Of8pDAWwfVliK8cEX+VEW7L9foAar0QqYUjSQ5Gipl5q2QQBnmhxqMMXFr
sjyjzKQNElQlP0jDR4IPiiau3hRr7Gx6Au9VPY16rS3G+KMMu5WyF5UyLiXj6DdbYLXI8eCh
tnd4iejDJXKtNs9RuxKaKU2mSMQQk6vSqdMRt/gVfxBql30mbn2899yqigp2Jj24M+nTSfBt
vXEUO02hCKQgCKEVVf4TMBuFHvwAY89sPLGf24TGN85BPjomwJpm7nhUj3VgsXwSBBMPwPJZ
7tmIx/COo/ZGjUAuZL5UsU5Tgs18VvNpVQIDAQABoy0wKzAbBgNVHREEFDASgRBtaW5mcmlu
QHNoYXJwLmZtMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADgYEAseXmuIHrKLjDtIP0
BavsUmoApDkgKT8DfFGveX5kfDlks7a4UyBPZkqI5EsCSGypWMaGwRmBcbUERz8+T0HeYJhi
7qfIHSetFTNHtFV46Q5WobyoGFnjP8i1ADEcuTfSDtLtA1u5MJ5apVVfFxpeZ4G8Lruz85Ag
LJEgVGBoq0kwggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoT
EVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERp
dmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG
9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcN
MTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRp
bmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3Vp
bmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f
6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/Ef
kTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7
AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDigNqA0hjJodHRw
Oi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDALBgNVHQ8E
BAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0GCSqG
SIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQc
UCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bG
CE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIDZDCCA2ACAQEwdjBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEHPerLP+yWp/U+jCFAQ0
kGwwCQYFKw4DAhoFAKCCAcMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B
CQUxDxcNMDYxMDI5MTQ0NzAwWjAjBgkqhkiG9w0BCQQxFgQU7zSssn1Fhjd1OXub/An84Ybo
SEgwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZI
hvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgYUGCSsGAQQBgjcQBDF4MHYwYjEL
MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq
BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhBz3qyz/slqf1Po
whQENJBsMIGHBgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRo
YXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBG
cmVlbWFpbCBJc3N1aW5nIENBAhBz3qyz/slqf1PowhQENJBsMA0GCSqGSIb3DQEBAQUABIIB
AJcAx29cCrXS6PInSLjxy0ggp9ItDXlus/zWH1WLI9viLZlmCIuVuJF+4VyuQ4BrGM+htAVD
g5QlqYDWNx7tPovnw3rw7LQfatnp2WklPbjmaZrQhE99xGuf9169rb1fEVYIiiCvpk1EcNnk
qDgL0sAJnz3hFPJfS0FSkWsxLEJGJRE96wvJ+Uz2+TR5xRcmuVUCiYObyoOvi+TE9wyK/B5a
iHNZdWf1EwSHZZ142sgzsUl4TImQ+vIDkIsTUyUHBfWvwOlgxeYngd75tvp2HA+X/96HBgD4
yLWbkO96SqQsjL6EpDzZkbXCyVgB6i+kkUc2Sn4bFTJpyI2AvIwHhzgAAAAAAAA=
--------------ms090405050005010003020702--