www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jay Soffian <...@cimedia.com>
Subject Re: apache-api/2024: adding auth_why to conn_rec
Date Wed, 01 Apr 1998 17:10:01 GMT
The following reply was made to PR apache-api/2024; it has been noted by GNATS.

From: Jay Soffian <jay@cimedia.com>
To: dgaudet@hyperreal.org, jay@cimedia.com,
        Apache bugs database <apbugs@apache.org>, Marc Slemko <marcs@znep.com>
Cc:  Subject: Re: apache-api/2024: adding auth_why to conn_rec 
Date: Wed, 01 Apr 1998 11:19:26 -0500

 +--Marc Slemko <marcs@znep.com> once said:
 |On 1 Apr 1998 dgaudet@hyperreal.org wrote:
 |> Just what would AUTH_WHY contain though?  The reasons for access
 |> being permitted are essentially arbitrary...
 |I'm not sure I like the idea either.  It starts going a bit crazy when you
 |look at what modules can actually do for auth...
 |What could be useful is a group field to complement the user field.
 |Users and groups are a reasonably generic concept in many auth modules, so
 |setting the group they were found in could be useful and is something that
 |people do ask for a lot.
 I agree, reasons for access being permitted are arbitrary, but all
 auth modules (at least with all modules I have looked at) act on a
 'require ...'. It is my suggestion then that it is up to the module to
 decide what AUTH_WHY is set to. For the mod_auth files that handle
 'require user ...', 'require group ...', and 'require valid-user', the
 suggested behavior is that they set AUTH_WHY to 'user ...', 'group
 ...', or 'valid-user', where in the case of 'user ...', '...' is the
 username that matched, and in the case of 'group ...', '...' is the
 group the user is a member of that matched.
 For auth_modules that grant access based on other criteria (for
 example, we are using a mod_auth_sys that we modified to work with NIS
 and accecpt 'require netgroup ...'), it is entirely up to module
 author to determine what 'AUTH_WHY' should be set to. As long as their
 behavior is documented, users of 'AUTH_WHY' shouldn't have any trouble
 knowing what to do.
 I would argue that is it even valid for an auth_ module not to set
 AUTH_WHY at all, and that a user of AUTH_WHY should treat this
 condition as 'the reason for access is unknown', and act accordingly.
 Jay Soffian <jay@cimedia.com>                       UNIX Systems Administrator
                                                          Cox Interactive Media

View raw message