Ruediger Pluem wrote:
Yes, this is correct. It is set by AuthDBDUserPWQuery.

What sql statement would correspond with "USER_" above?

The one set by AuthDBDUserRealmQuery. It is used inside authn_dbd_realm.

OK, USER_ might be the wrong word, but we definitely have two possibly different queries with possibly the same field names which are put in the same environment namespace.
My understanding of the code is that either the realm query will get run, or the password query will get run - otherwise we would be checking the password twice.
AUTHENTICATE_ entries are only added to the environment for the second and subsequent columns in each query.
If two sql queries are being done, then the admin need only add the extra columns to one of the queries.
If this is ever a problem, the admin can simply give the second query different column names to the first, assuming there are two queries at all.
The point behind the AUTHENTICATE_ is that it is the same as that of mod_authnz_ldap. If you put the sql ones in different namespaces, then it seriously reduces the usefulness of putting this info in the environment, as users of this information now have to care which module did the authz and authn.
Regards,
Graham
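The configuration below is an added illustration of the behaviour discussed in this thread, not part of the original message or the project's own documentation. It shows extra columns in each query being exported under the shared AUTHENTICATE_ prefix, with the realm query's column aliased so the two queries cannot produce the same variable name. The table name, column names, paths and connection parameters are assumptions.

```apache
# Constructed example: table "authn", columns "mail"/"dept", the alias
# "realm_mail", the paths and the DBDParams values are all hypothetical.
DBDriver pgsql
DBDParams "dbname=apacheauth user=apache"

<Directory "/usr/www/basic-area">
    AuthType Basic
    AuthName "Basic Area"
    AuthBasicProvider dbd
    Require valid-user

    # Column 1 is the password hash and is not exported.
    # Columns 2 and later are exported as AUTHENTICATE_MAIL and
    # AUTHENTICATE_DEPT, the same prefix mod_authnz_ldap uses.
    AuthDBDUserPWQuery "SELECT password, mail, dept FROM authn WHERE username = %s"
</Directory>

<Directory "/usr/www/digest-area">
    AuthType Digest
    AuthName "Digest Area"
    AuthDigestProvider dbd
    Require valid-user

    # The realm query runs instead of the password query here.
    # Aliasing the extra column gives AUTHENTICATE_REALM_MAIL, so an
    # application reading the environment can tell the two sources
    # apart without the module needing a separate namespace.
    AuthDBDUserRealmQuery "SELECT password, mail AS realm_mail FROM authn WHERE username = %s AND realm = %s"
</Directory>
```

Keep the password hash as the first column only; selecting it a second time under another name would export it to the request environment, where CGI scripts and logging can read it.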