Am Montag, den 25.09.2017, 09:30 -0400 schrieb Eric Covener: > auth_checker is authorization that depends on authentication. You have > no authentication configured. > > The access_checker related ones are user-agnositc and run > before/without authentication.
Reading: http://httpd.apache.org/docs/trunk/developer/lua.html#basic_auth there is the first example in Example 3: --[[ A simple authentication hook that checks a table containing usernames and passwords of two accounts. ]]-- and there is the second example which states: --[[ An advanced authentication checker with a database backend, caching account entries for 1 minute ]]-- So i was under the impression, that this auth_checker is responsible for authentication - in fact e.g. example 1 does authentication and tells the request processing which user is there and if it is a authenticated one (correct password). Imho: http://httpd.apache.org/docs/trunk/developer/lua.html#authz This one seems to be the one which does the authorization, e.g. checks if the authenticated user from Example 3 does have the correct group membership. If this is wrong like you're suggesting, how is this supposed to work? Opinions about that? kind regards Torsten
smime.p7s
Description: S/MIME cryptographic signature
