At 01:32 PM 2/19/2003, Cliff Woolley wrote:
>On Wed, 19 Feb 2003, Dietz, Phil E. wrote:
>
>> For 2.1 and beyond, I'd rather see something more generic. Like a
>> mod_authn_odbc or a mod_authn_soap.
>
>Ironic, since I was just about to say I'm not so keen on adding more
>modules to 2.0, and that if it's going in I'd rather have it in 2.1.

I was sorta thinking the same... we seem to be saying that bits of this aren't altogether that flexible, we want different backends, et al, and yet rather than invest the time in structuring 2.1 so that all the auth overhaul is really successful and complete, we want to start maintaining another auth under the old schema? Seems like that would waste more project cycles than really benefiting the direction that auth is taking.

I'm sorta -0 on seeing this go into 2.0. I won't scream and yell and flail my arms, and will go where the list takes this, but I wouldn't support introducing it until 2.1. Dropping it in 2.0 would actually be a disincentive (at least for me) to really contributing to the shape up of our own authn/authz logic by the first 2.2 release.

BTW - yes I realize the reorganization and new hooks are already done for 2.1. What isn't finished is some mechanism for query and linked lists of credentials; what Dirk has advocated for some time. This module is a perfect back end to illustrate that. So is _hostname, actually, because it's more than just an IP. It's a machine identity, with the root value of an absolute IP address, with sometimes a reverse-dns-validated hostname, and an agent token of the dns server that validated that hostname<->IP relation.

What Dirk proposes is to layer all of those nuggets to later unwind the chain of authority, or log it. My goal is to simply check the list of machine-token identifiers and compare 'em all to the Allow or Deny patterns, so that one flavor or another doesn't escape from our scrutiny. But they all benefit from rethinking this logic already.

The current 2.0 is goodness, the module is available from and maintained by others, and we are happy to adopt it into our new 'authn/authz' family. But that family won't be born till 2.2.

My longwinded 2c, but that's all it's worth.

Bill