At 10:21 AM 3/7/2005, Paul Querna wrote: >I disagree. The current authentication in 2.1 is far far better than what 2.0 >has. I have been using it in production variations for over 2 years now. >Just the ability to use any authentication backend with Digest is a huge >improvement.
>++1 - and I've always agreed. My only question is does the new API >make it impossible to do simple things. > >I believe the best method is to attack it at the point of least work, and if >it ends up being good, look at extending it to everything. > >I think it should be hacked into mod_authnz_ldap, and if it works, then work >can be done to generalize it to all the authnz modules. Right now we really >don't know what is required to get it done. It is all just mailing list talk >and theory. Ok, I'd seriously disagree :) mod_authnz_ldap is already difficult enough to follow, keeping it as fundamental as it is today, and extending this externally, ensures we don't add bugs to _ldap just as we want to release a beta. >I do not believe it is appropriate to threaten a -1 veto on 2.2.0 for this >issue. Whoops - I never said veto to 2.2 (I don't think) ... you can't veto a beta. You vote, and it's majority rule on releases (and always has been.) Minimum 3 +1's, more +1's than -1's. >Its not a regression, its not something we have a patch for, its something >that didn't exist a week ago. If the new API makes things more difficult, it's a regression. This AAA provider discussion just offers us the opportunity to really evaluate the usefulness of the new API, are things going to be better or worse when you want to do something beyond add a single-use provider. And maybe the API doesn't interfere in which case we prove that the new API doesn't hinder development, but promotes it. We already know the new API makes it simpler to implement SQL, ODBC or other back ends folks care to create or port to 2.2 Bill
