Kean
This module registers itself as an authentication provider with
ap_register_auth_provider(). However, it *also* registers as a hook with
ap_hook_check_authn(). The two cases are similar, but subtly different (the
latter sets r->user, the former does not). My question is, why would you
need both? What functionality is gained by the hook? Also, I see code that
prevents authz from running if its a combined authn/authz, but nothing to
prevent the FastCGI backend being called twice for authn. Both
fcgi_check_authn() and fcgi_check_password() call the FastCGI application
with the same role. I don't understand enough about the authn pipeline to
know if this is prevented in some other way. Any clarification greatly
welcomed.
- Question about mod_authnz_fcgi.c Kean Johnston
- Re: Question about mod_authnz_fcgi.c Jeff Trawick
