httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kean Johnston <kean.johns...@gmail.com>
Subject Question about mod_authnz_fcgi.c
Date Fri, 17 Jan 2014 04:02:20 GMT
This module registers itself as an authentication provider with 
ap_register_auth_provider(). However, it *also* registers as a hook with 
ap_hook_check_authn(). The two cases are similar, but subtly different (the 
latter sets r->user, the former does not). My question is, why would you 
need both? What functionality is gained by the hook? Also, I see code that 
prevents authz from running if its a combined authn/authz, but nothing to 
prevent the FastCGI backend being called twice for authn. Both 
fcgi_check_authn() and fcgi_check_password() call the FastCGI application 
with the same role. I don't understand enough about the authn pipeline to 
know if this is prevented in some other way. Any clarification greatly 
welcomed.

Kean

Mime
View raw message