You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Jeff A. Earickson" <ja...@colby.edu> on 1998/06/15 16:05:07 UTC
info on Apache authentication API?
Hi,
Can y'all point me to where a description/discussion of the Apache
authentication API is, or is going to be in the future? I have seen
references to such documentation, but haven't been able to find it.
Any plan here that is written down? Any RFC's?
I recently twinked Paul Henson's DCE module for Apache (see
http://www.intranet.csupomona.edu/~henson/www/projects/mod_auth_dce/)
to work with Apache 1.3.0, and I had trouble understanding if DCE
authentication would be done first, then plain (.htpasswd) authentication,
or just one method, or the methods in reverse order, etc.
I've seen other modules for authentication (dbm, PAM, Kerberos) and
I'm wondering what Apache's overall authentication strategy is or will be
for any of these methods. Ideally I would like to see the authentication
module usage delineated in the system access.conf file -- which module
gets used, in what order, what is required. Something like PAM does.
What's the plan here? Thanks.
** Jeff A. Earickson, Ph.D PHONE: 207-872-3659
** Senior UNIX Sysadmin, Information Technology EMAIL: jaearick@colby.edu
** Colby College, 4214 Mayflower Hill, FAX: 207-872-3555
** Waterville ME, 04901-8842
----------------------------------------------------------------------------
I debug, therefore I am.
----------------------------------------------------------------------------
Re: info on Apache authentication API?
Posted by Dean Gaudet <dg...@arctic.org>.
The ordering is determined by the ordering of the modules in the
Configuration file (or the order in which they are loaded with
LoadModule). The first module in the config file (and I think the first
module loaded) is the *lowest* priority. The various *Authoritative
directives determine if a module is able to say that "no that user
definately does not exist". This can be used to short circuit other
modules from being able to handle a particular lookup.
So we already allow control via access.conf, auth is controllable from any
config file. Including .htaccess files if AllowOverrides is set properly.
Other than the numerous examples, there is no documentation.
In the future we hope to abstract this. There need only be a single auth
module. It needs only "lookup key" as a primitive from a db module. So
we'll probably have another API that allows folks to build different
"lookup key" primitves.
Dean
On Mon, 15 Jun 1998, Jeff A. Earickson wrote:
> Hi,
>
> Can y'all point me to where a description/discussion of the Apache
> authentication API is, or is going to be in the future? I have seen
> references to such documentation, but haven't been able to find it.
> Any plan here that is written down? Any RFC's?
>
> I recently twinked Paul Henson's DCE module for Apache (see
> http://www.intranet.csupomona.edu/~henson/www/projects/mod_auth_dce/)
> to work with Apache 1.3.0, and I had trouble understanding if DCE
> authentication would be done first, then plain (.htpasswd) authentication,
> or just one method, or the methods in reverse order, etc.
>
> I've seen other modules for authentication (dbm, PAM, Kerberos) and
> I'm wondering what Apache's overall authentication strategy is or will be
> for any of these methods. Ideally I would like to see the authentication
> module usage delineated in the system access.conf file -- which module
> gets used, in what order, what is required. Something like PAM does.
> What's the plan here? Thanks.
>
> ** Jeff A. Earickson, Ph.D PHONE: 207-872-3659
> ** Senior UNIX Sysadmin, Information Technology EMAIL: jaearick@colby.edu
> ** Colby College, 4214 Mayflower Hill, FAX: 207-872-3555
> ** Waterville ME, 04901-8842
> ----------------------------------------------------------------------------
> I debug, therefore I am.
> ----------------------------------------------------------------------------
>
>
>