>>> On 2/10/2006 at 5:58:43 pm, in message <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote: > Joshua Slive wrote: >> On 1/26/06, Ian Holsman <[EMAIL PROTECTED]> wrote: >> >>>Hi Joshua: >>> >>>httpd.conf.in has the new structure >>>httpd-std.conf (the one I was looking at) didn't ;( >> >> >> Hmmm... httpd-std.conf doesn't exist in trunk. > > Just ran into this and couldn't quite believe what I was seeing. > > I have a similar config on a server and basically unless you're very > careful you end up shutting people out! This change in auth seems to > make no sense to me. > > It's adding a lot of complexity to config files. Do we really need to > make this change? Really? > > At the very least can someone please document how config files need to > be changed... And no, I don't think having it in a sample config file is > enough. > > davi
Yes, we do need to make this change. With the provider based rearchitecting of authentication in httpd 2.2, this left authorization in an unpredictable state especially when using multiple authorization types. You were never quite sure which one was going to happen first and had no way to order them or control them. With that, there was also a growing demand to be able to apply AND/OR logic to the way in which authorization is applied. So basically this change brings authorization up to the same level of power and flexibility that currently exists in httpd 2.2 for authentication. Hence being new functionality, there are bound to be bugs that need to be fixed, especially with backwards compatibility. So let's get the bugs identified and fixed. Brad
