On Mon, 22 Jul 2002, [ISO-8859-1] André Malo wrote: > Hi, > > 'AuthAuthoritative off' and related give the possibility to put some > auth modules into a chain. But it seems that this directive is not very > useful in conjunction with the 2.0 API.
AuthAuthoritative is really just a way to tell mod_auth to return DECLINED instead of UNAUTHORIZED (or visa versa) to allow other modules who HAPPEN to be loaded after mod_auth to be called as well in the case mod_auth either cannot, or does not, authorize the user. This is, as you imply, really not very useful since modules are ordered at compile time - so you cannot determine the order of the modules at run time. There has been a lot of bantering about 'better' ways of doing this - and suggestions are welcome. I have often spoke of having a per directory/location ordering of auth handleres. This would allow you to load a bunch of auth handler modules, then in a given directory elect which ones are run, and what order they run in (and the last one would be assumed authoritatve perhaps). sterling