httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John K. Sterling" <j...@sterls.com>
Subject Re: [users@httpd] Multiple auth sources
Date Mon, 07 Jul 2003 19:20:44 GMT
>-- Original Message --
>From: SAQIB <saqib@seagate.com>
>
>I dont think this is possible. Even if it was it would be a security
>issues. A long while back I was looking into this, but didnt pursue due
to
>possible security issues.

how is this a security issue?  the way i read the question he simply wants
to have a couple of auth modules have a chance to authenticate for a given
location.  

Apache definitely does not make this easy, but it is theoretically possible
by figuring out which auth module runs last (either in the module definition,
or based on the order they are loaded) and set it to 'Authoritative on'
(most auth modules have this ability).  Then set all of the other auth modules
to 'Authoritative off'.  

By convention most auth modules support the authoritative concept.  So the
ones that have 'Authoritative off' return DECLINED if they fail (not unauthorized)
allowing other auth modules to get the opportunity to try as well - then
the last one (which is set to 'Authoritative on' returns unauthorized if
it fails too.

hope this helps.

sterling


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message