httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Workaround (Re: walk caching to avoid extra authnz)
Date Wed, 06 Dec 2006 17:47:20 GMT
On Tue, 05 Dec 2006 17:06:16 -0800
Chris Darroch <chrisd@pearsoncmg.com> wrote:


>    What surprised me was discovering that each sub-request (or,
> equally, internal redirect) went through the authnz steps despite
> the fact that I just had a single blanket authnz configuration for
> the entire directory on which I'd enabled mod_dav.

Alternative proposal for this scenario that doesn't involve a possible
risk of breaking something.

mod_auth_inherit

In anything that isn't a subrequest, it'll return DECLINED.

In a subrequest, mod_auth_inherit will set r->user to r->main->user,
without reference to any password lookup.  If r->main->user is
unset it'll return DECLINED.

It'll also set an "inherited" token.

A corresponding authz hook will implement a "Require inherit"
to enable subrequests with "inherited" set to be authorized,
and will run ahead of "normal" authz hooks.

Would that be a good solution here?

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

Mime
View raw message