At 04:36 PM 10/13/2002, Justin Erenkrantz wrote: >--On Sunday, October 13, 2002 3:59 AM -0700 Greg Stein <[EMAIL PROTECTED]> wrote: > >>There were some directive changes, and certainly some different >>modules to load, but nothing in the API department. Moreover, I >>think we can deal with the directives and create some kind of >>backwards-compat stuff. It is just that I'm not entirely sure what >>got dropped and added yet. The modules are a bit tougher. We could >>potentially fix it with hacks to the module loading stuff to key >>off the old names and load the new stuff, but that just feels >>fugly... > >My belief is that the only change is in the *Authoritative directives - we're now >more granular as we can selectively control authoritativeness on authn and authz >modules. There are also some gotchas on the LoadModule lines, but, like you, I'm not >really sure what we can do about that. I think the best thing to do is to document >the module renames.
I challenge you to do so; document both the old and the new so that http://httpd.apache.org/docs-2.0/ clearly documents both the pre-new-auth and post-new-auth. I'm presuming it can't be done -well-, because it hasn't been done. I grappled with the idea this weekend and surrendered. That's when I revisited my original vote to implement this in 2.1 ... like FirstBill offered, I too should have hollered louder. But no users have been harmed, and the code will go in (to 2.0 or 2.1). The fact that we don't know what to do about it speaks volumes as to how difficult this is, and how ill advised this restructuring is for 2.0. Of course we can announce to the world "Hey, we were kidding, 2.0 wasn't GA quality, but now it is, and 2.0.47 is the real GA release." [I'm being tongue in cheek here, I believe along with many developers that 2.0 was as ready for GA as it was ever going to be. We couldn't begin to track down the obscure bits without some adopters telling us exactly what was wrong.] >And, solutions like adding back mod_access or mod_auth can't work since we do not >allow modules to share directives - therefore, there will be confusion internally >about which modules should handle the authorization when both are loaded. That's >badness. -- justin Of course not. Either the revamped auth goes it, or it's reverted. I agree it's too difficult to have both. Bill
