Hello, >From what I've read, the authentication API has been rewritten in Apache 2.1. >As there is not many docs at http://mod-auth.sourceforge.net/docs/ (link to "Changes from 2.0" is broken), I want to know more. One of the things I've been disappointed with in Apache 1.3 or 2.0 is that authentication backends and authentication types aren't clearly separated. Note: by auth backends I understand users/groups referentials (where is users and groups information stored?).
As an example, let's look at 2.0 authentication modules: * mod_auth: offers Basic Auth auth type, using a file-based users and groups referential. * mod_auth_anon: I've never tried that, but it looks like a Basic Auth where the authorized set of users is hard-coded within an Apache directive. No group notion. * mod_auth_dbm: offered auth type is Basic Auth, users and groups referential: DBM type database. * mod_auth_digest: offers Digest Auth, using a file-based users and groups refential. * mod_auth_ldap: offers Basic Auth, using an LDAP-based users and groups referential. * mod_ssl: offers strong authentication using X509 certificates. No users or groups referential, only valid (issued by a known CA) certificates are allowed to access a protected resource. Some third-party modules: * mod_auth_mysql: offers Basic Auth, using a MySQL-based users and groups referential. * mod_auth_sspi: offers NTLM authentication, using a Windows Domain Controller for the users and groups referential. * mod_auth_kerb: offers Kerberos authentication, using a Windows Domain Controller for the users and groups referential. I believe each time you want a new combination of auth type and auth backend, you need to create a new module. What if, for a protected resource, I want to auth users with X509 certificates and then check if the cn value of the presented Subject DN exists in the users referential I use, which is stored on a SQLite database? Or if I want to combine Digest authentication and a LDAP-based users referential? Is it really to do so possible without developing new modules? In case multiple auth types or backends are used, there should be a way to delegate the authentication phase to another module (the "Authoritative" thingie most of the modules implement). We should be able to try AuthType1/AuthBackend1, then AuthType2/AuthBackend1 and finally AuthType3/AuthBackend2. Does the new API brings solutions to this? Or can anyone enlight me about the new features introduced by the auth API in 2.1? Thanks for your feedback, -- Julien ALLANOS --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
