> -----Original Message-----
> From: Sander Striker [mailto:[EMAIL PROTECTED]]
> I've been going through the modules/aaa directory
> and found that modules there seem to implement both
> authentication and authorization.
>
> IMO this should be split. Auth and authz are
> completely different things and it would be nice
> to have different modules to do authentication
> in a different way, but still utilize the same
> authorization method.
I believe this has been on the "future" list for apache for a very long
time. I'd like to see it happen. It is nuts that the dozens of mod_auth_*
modules need to redo all that logic.
>
> To accomplish this, an extra field would be needed
> in request_req (and that's probably not going
> to happen): request_req->groups, which holds
> a string with all the groups the authenticated
> user belongs to.
>
Just as a point of information, a relatively frequent request that I hear
from users is to provide group information in an env variable (REMOTE_GROUPS
analagous to REMOTE_USER). This would certainly facilitate that.
Joshua.
