On Tue, 17 Sep 2002, Greg Stein wrote: > On Tue, Sep 17, 2002 at 10:26:02AM -0700, Aaron Bannert wrote: > > On Tue, Sep 17, 2002 at 01:00:44PM -0400, Ryan Bloom wrote: > > > > Does that make any sense? I'm certain you will have users misconfigure > > > > the 'backstop' modules (_default flavors) resulting in insecure servers. > > > > If the 'backstop' _default auth handlers are always loaded as part of the > > > > core mod_auth, users will have far fewer problems. > > > > > > I almost like this, but I wouldn't put it mod_auth. I would put them in > > > the core. The core server has always been the location for our default > > > functions. > > > > +1 for the core, or at least a module that's always statically compiled > > (which is easy to do with the .m4 macros we have). > > Well... as long as "core" means modules/http/. > > But since our running of auth hooks comes from server/, then this stuff > could prolly go there as well. IMO, it sucks that our "core" server knows > about HTTP authentication and authorization. > > In general: sure, this stuff makes some sense in the core rather than > default modules.
It should be in server, please. Remember that many protocol modules use those same hooks to do their authentication. Perhaps this re-org should also try to abstract that stuff out. But, regardless of whether the HTTP-part of the authenticatio is abstracted, please leave the hooks in the /server directory. At some point, it would be really nice to be able to build Apache without the /http module. Ryan _______________________________________________________________________________ Ryan Bloom [EMAIL PROTECTED] 550 Jean St Oakland CA 94610 -------------------------------------------------------------------------------
