At 01:48 AM 8/30/2002, Justin Erenkrantz wrote: >Since no one had any feedback to the earlier posts about splitting >the auth modules into authn/authz, I decided to just call it authn >(old auth) and authz (what Dirk called access). > >http://www.apache.org/~jerenkrantz/new-aaa/aaa-authn-authz-split.tar.gz >http://www.apache.org/~jerenkrantz/new-aaa/split/ (expanded) > >This is an extension over Dirk's aaa.tar.gz that he posted. It >does *not* add the provider API. > >Notes: >- apr_lib.h isn't where apr_password_validate is, it's apr_md5.h. >- renamed mod_access* to mod_authz* >- mod_access.c->mod_authz_default.c >- mod_auth.c->mod_auth_basic.c >- removed all internal prefixes on the config_recs >- style cleanup >- AuthUserFile will be a bit wonky until mod_auth_basic is refactored with > provider support. > >My plan is to commit this tomorrow AM and then add in the provider >support shortly thereafter. Any new files will be created from >scratch rather than try to keep revision history. When we get >done with this, the code won't look anything like what it was before. > >Any objections?
Only one veto here. If it destabilizes the server, and we cannot react to new security incidents, that's not acceptable. Your next comment... >I imagine auth may be a little wonky until this settles down, but >once it settles down, we can ensure we're backwards-compat with the >old aaa system. No one other than Aaron and myself seem interested >in calling this 2.1, so we stay at 2.0 with this and potentially not >having directive back-compat if it doesn't shake out. -- justin ...scares me. Now that it's GA, we should really be treating the 2.0 tree with the same respect and caution we use on the 1.3 tree. It's time for a 2.1-dev tree, if we want to be playing with new ideas, guys. If they test out clean and don't break compatibility [in any significant way] then they can be backported to 2.0. Bill
