On Thu, 22 Jun 2000, Christian Gilmore wrote:
> I'm trying to create a cache for group authorization. I'm wondering if
> there's any way I can alter the requires information during the initial
> authorization so that the cache building code can just pick from that which
> group this person matches instead of re-authorizing during cache creation.
>
> I'd like for the actual authorization handler to not need necessarily to be
> tied to a cache, so doing the entire authorization and caching in one module
> is not optimal, IMO. I'm going for the following (printed below on multiple
> lines just for readability):
>
> PerlAuthzHandler
> Tivoli::Apache::AuthzCache
> Tivoli::Apache::AuthzLDAP
> Tivoli::Apache::AuthzCache::manage_cache
>
> If the require line contains more than one group, I don't believe that I, by
> default, have any way to know, even after AuthzLDAP has completed
> successfully, of which group the client user is a member.
>
> Any ideas? I intend to release all of these cache and LDAP auth modules when
> complete and put through some testing internally.
you can override the 'requires' directive using directive handlers, you'll
just need to manage the structure yourself.
