On Tue, Sep 17, 2002 at 11:50:56AM -0500, William A. Rowe, Jr. wrote:
> I was thinking about this. What about -eliminating- the mod_authn_default
> and mod_authz_default, merging them into mod_auth, and moving the
> directives from mod_auth_basic and mod_auth_digest into the common
> mod_auth.

Remember there is no mod_auth, and merging the mod_authn_default and
mod_authz_default into a new mod_auth would be contrary to the entire
split - we don't want any single module doing both functions any more.
(Third-parties could, but we shouldn't.)

> Mod_auth would further include all of the hooks, and be the common
> module that all other mod_auth_foo, authn and authz modules require.
>
> Does that make any sense? I'm certain you will have users misconfigure
> the 'backstop' modules (_default flavors) resulting in insecure servers.
> If the 'backstop' _default auth handlers are always loaded as part of the
> core mod_auth, users will have far fewer problems.

Nah. I don't think that's necessary. In fact, I'm not really sure
what mod_authn_default should be doing - it's something that Dirk's
patch had - I don't really see why we need a 'backstopper' module at
all. But, I left that code in there.

To me, it sounds like that could be a 'deny' provider - perhaps it
should be mod_authn_deny. The use case could be:

    AuthProvider file dbm deny

But, if you're going to do that, why not just set dbm to be
authoritative? So, I'm not sold on keeping this there. Well,
we could use that and toss the Authoritative directives. Hmm...

FWIW, Sterling and I have outlined a solution that fixes the DSO
ordering problem by moving the provider API into the core. It's
now waiting on someone to implement it. =)

-- justin