On Wednesday 09 November 2005 17:28, Justin Erenkrantz wrote: > --On November 8, 2005 7:21:54 PM -0500 Geoffrey Young > > <[EMAIL PROTECTED]> wrote: > > you really think so? I think it's mistakenly given an authz namespace, > > giving users the impression it steps in after authentication, or does > > something else specifically based on r->user. at least any users who > > have bothered to wrap their heads around the entire aaa idiom and phase > > separations. > > It runs with the access_checker/auth_checker hook.
That's two hooks of course, and not even contiguous. > Which is an > authorization hook. (So, yes, this implies that I think the > access_checker/auth_checker split is off-kilter - they should really be the > same, I think.) That would lose Satisfy [Any|All]. We could rebuild the functionality on AuthAuthoritative logic, but that's harder. > But, I'll admit that mod_access_host isn't entirely bad. Good. > However, it'd be > really nice to re-do the second half of our auth system, Agreed, authz isn't pretty. OTOH, mod_[access|authz](_host)? is well clear of authz ugliness. Why chuck away the bit that definitely doesn't want fixing? > but I worry that > Sander's completely forgotten about his promises to do that. =) -- justin Someone'll do it. Eventually. But not in time for 2.2. -- Nick Kew
