Sander Striker wrote:

> IMO this should be split.  Auth and authz are
> completely different things and it would be nice
> to have different modules to do authentication
> in a different way, but still utilize the same
> authorization method.

I'm not sure if splitting them will accomplish this though. From the
LDAP auth stuff, the authentication phase and the authorisation phase
are separate, but share common configuration parameters (LDAP bind info,
for example), so splitting them wouldn't make much sense.

Also - there isn't a clear line over what constitutes an authentication
token - again, the LDAP authenticator converts a provided username into
a DN, which the authorisation phase uses to apply to the require
directives. If you have to mix up the different modules, you would need
to make sure they are all talking the same language (so to speak).

Regards,
Graham
-- 
-----------------------------------------
[EMAIL PROTECTED]                "There's a moon
                                        over Bourbon Street
                                                tonight..."
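
An added illustration of the point made in the reply above (not code from Apache httpd or from either poster): a toy Python model in which the LDAP authentication phase hands a DN to the authorisation phase, while a different authentication module hands over a bare username that the same authorisation phase cannot use. The function names, the `LdapConfig` class, the directory contents and the simplified DN normalisation are all assumptions made for the example.

```python
import hmac
from dataclasses import dataclass

# Constructed sample directory (DN -> attributes); not real data.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {"uid": "alice", "password": "a-secret"},
    "uid=bob,ou=people,dc=example,dc=org": {"uid": "bob", "password": "b-secret"},
}

@dataclass(frozen=True)
class LdapConfig:
    """Hypothetical stand-in for the LDAP settings both phases share."""
    base_dn: str

def norm_dn(dn):
    # Simplified DN normalisation (assumption): lower-case, trim around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def same_secret(a, b):
    # Constant-time comparison of two secrets.
    return hmac.compare_digest(a.encode(), b.encode())

def ldap_authenticate(cfg, username, password):
    """Authentication phase: map the username to a DN and return it as the token."""
    suffix = "," + norm_dn(cfg.base_dn)
    for dn, attrs in DIRECTORY.items():
        if norm_dn(dn).endswith(suffix) and attrs["uid"] == username:
            return dn if same_secret(attrs["password"], password) else None
    return None

def file_authenticate(users, username, password):
    """A different authentication module: its token is the bare username."""
    stored = users.get(username)
    return username if stored is not None and same_secret(stored, password) else None

def ldap_authorize(cfg, token, required_dns):
    """Authorisation phase: applies require-dn style rules, so it needs a DN token."""
    if token is None or not norm_dn(token).endswith("," + norm_dn(cfg.base_dn)):
        return False  # fail closed: the token is not a DN under the configured base
    return norm_dn(token) in {norm_dn(d) for d in required_dns}

CFG = LdapConfig(base_dn="ou=people,dc=example,dc=org")
REQUIRED = ["UID=Alice, OU=People, DC=example, DC=org"]  # constructed rule

if __name__ == "__main__":
    dn_token = ldap_authenticate(CFG, "alice", "a-secret")
    name_token = file_authenticate({"alice": "a-secret"}, "alice", "a-secret")
    print(dn_token, ldap_authorize(CFG, dn_token, REQUIRED))
    print(name_token, ldap_authorize(CFG, name_token, REQUIRED))
```

Both phases read the same `LdapConfig`, and the mixed pairing is denied even though the user and password are valid, because the two modules do not agree on what the token is.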
