You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Robert S. Thau" <rs...@ai.mit.edu> on 1995/08/21 16:49:02 UTC

NCSA 1.5 --- a first look

I've spent some time over the past few hours looking over NCSA 1.5b3
(and over the bugs page, which contains at least a little information
on the way their 2.0 release is shaping up).  Sometime over the next
week, I'll be going over it to see if there are any fixes there to
bugs we still have.  In the meantime, some notes, in no particular
order (except 2.0 stuff grouped down below):

*) They changed the licensing terms; as I understand the new ones,
   commercial *use* is allowed, but redistribution for a fee is not,
   nor is sale of derivative works --- at least not without royalties.
   (NCSA 1.4 was PD, free and clear; the new release is different).

*) They've cleaned up the code a bit.  Most (but not all) of the
   globals holding per-transaction information are now fields in
   structures, there are separate header files for different code
   rather than a monolithic httpd.h, and some particular irritants
   ("unmunge_name" --- yeeeech!) have bit the dust.  Still, on the
   whole, it's a great deal closer to 1.4 than, say, Apache is.

*) At least one of the new features confuses me a bit; this is the
   "Satisfy" directive.  As I read the code, this specifies how
   "requires" lines taken as a group interact with allow/deny
   directives taken as a group; it does *not* specify how individual
   allow/deny or requires directives relate to each other.  So, for
   instance,

      <Limit GET>
      Satisfy all
      Allow from ncsa.uiuc.edu
      Allow from ai.mit.edu
      Allow from mcdonalds.com
      </Limit>

   would *not* somehow require a host to be in all three domains (and
   likewise for multiple requires lines).  However, the documentation
   is far from clear on this point.

   (It might have been better to choose a less generic name for this,
   at least if I'm right about what it does --- "NeedHostOrPassword"
   and "NeedHostAndPassword" might wear people out typing, but I bet
   they'd have fewer questions about them than they would about
   "Satisfy Any" and "Satisfy All").

*) Aside from Satisfy, it looks at first blush like the new
   authentication modes (including NIS-map, which seems to be new with
   1.5b3) can be done as Apache modules, though we might eventually
   want to move direct support for decoding what the client sends
   inwards towards the core (as is already done for HTTP Basic auth).
   The one that's the most of a stretch is Kerberos, for which there
   are some new CGI variables which the Kerberos check routines would
   have to dump in r->subprocess_env.

*) Process management is still done the same way --- there's an
   interesting item on the bugs page from someone who had set
   MaxServers to 10 and wanted to know why he had a hundred servers
   running.  (The fd-passing code is getting hairier, by the way;
   they've got something which uses the /proc filesystem on Linux,
   which looks pretty nasty... on the whole, I'm just as happy doing
   something else).




Finally, some interesting notes from Beth Frank on 2.0, and future
directions:

*) NCSA httpd 2.0 will not be a drop-in replacement for 1.x.  Nothing
   yet on how hard it will be to switch.

*) 2.0 will support an "authentication API" allowing people to slot in
   their own authentication code -- Beth actually says "Authentication
   API", which doesn't make it clear whether there will be APIs for
   other functions as well; also, from her description, it sounds
   vaguely as if the custom authentication code runs in a separate
   process from the server itself, but I could just be confused about
   that.  

   There's no sign of this yet in 1.5 --- check_auth() is still pretty
   monolithic.

*) In the future, they're going to try to move towards a concept they
   call the "Repository", which is apparently intended to leverage the
   current web technologies into something which more directly
   supports group activity and collaborative work.  That sort of thing
   requires extensive support on the client side to be effective (in
   terms of good authoring tools and the like); I take it that NCSA is
   actively working on those now as well.

rst