Brandon Fosdick wrote:

> Noobie question...what's the difference between authentication,
> authorization and access?

Authentication asks "is this user who they say they are?" This stage usually involves a username and password of some sort, or a certificate, etc.

Authorisation asks "is this user allowed to access this resource". Here the "require" directive specifies whether just being known to the system is enough, or whether further group membership is required.

From a module perspective these two tasks are handled in two separate steps. Usually the second step relies on the first step, but it is still possible to be authenticated by one module (for example, an SSL certificate) and authorised by another module (for example, checking if the certificate DN is a member of an LDAP group).

Regards,
Graham
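The two steps described in the reply above, shown as an added configuration example that is not part of the original message. It assumes Apache httpd 2.2 or later with mod_auth_basic, mod_authn_file, mod_authz_user and mod_authz_groupfile loaded; the paths, realm name and group name are placeholders.

```apache
# Added illustration; paths, realm and group name are placeholders.

<Location "/members">
    # Authentication: is this user who they say they are?
    # Handled by mod_auth_basic with the mod_authn_file provider.
    AuthType Basic
    AuthName "Example Realm"
    AuthBasicProvider file
    AuthUserFile "/path/to/htpasswd"

    # Authorisation: being known to the system is enough here.
    Require valid-user
</Location>

<Location "/admin">
    # Same authentication step as above.
    AuthType Basic
    AuthName "Example Realm"
    AuthBasicProvider file
    AuthUserFile "/path/to/htpasswd"

    # Authorisation is a separate step, handled by a different module
    # (mod_authz_groupfile): the authenticated user must also be
    # listed in the "admins" group.
    AuthGroupFile "/path/to/htgroup"
    Require group admins
</Location>
```

A user with a valid password who is not in the group passes the first step in both locations but is refused by the second step under /admin.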