> Instead of trying to cram multiple perl-script into the same Authen > phase, which btw could not be done without patching Apache and/or > mod_perl,
if by perl-script you mean mod_perl handlers, that's not really true. currently, mod_perl will run all configured PerlAuthenHandlers until one returns an Apache error (401, 500, etc). when I get back from vacation in a few weeks, the first item on my list is changing this so that mod_perl behaves exactly like Apache: namely, that the first OK passes control to the next phase and terminates the current phase. see http://marc.theaimsgroup.com/?l=apache-modperl-dev&m=105431735200617&w=2 [stuff snipped] > By keeping count like this (and assuming it works in a real > situation), one can device lots of cool ways to add login and password > policies. Just change relevant part in the Bouncer/Ledger. > > (Btw, I am using Cache::FileCache to keep track of number of failed > retries.) I'll take a closer look at this in a few weeks when I'm back full time, but right now I think I would have coded it all in the PerlAuthenHandler - I think that basic housekeeping like last-auth, etc all are ok things to put into that phase, so it makes a certain amount of sense to add your denial rules to that phase as well. anyway, I'm essentially offline for the next two weeks, but if you ping me after that we can talk more. good luck --Geoff