Posted to dev@httpd.apache.org by Doug MacEachern <do...@covalent.net> on 2002/09/17 18:21:24 UTC

auth stuff still broken

a fresh build/install of .42-dev:
Cannot load /.../modules/mod_authn_file.so into server: /.../modules/mod_authn_file.so: undefined symbol: authn_register_provider

stock httpd.conf is installed (by 'make install') with modules in this 
order:
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so



Re: auth stuff still broken

Posted by Justin Erenkrantz <je...@apache.org>.
On Tue, Sep 17, 2002 at 11:50:56AM -0500, William A. Rowe, Jr. wrote:
> I was thinking about this.  What about -eliminating- the mod_authn_default
> and mod_authz_default, merging them into mod_auth, and moving the
> directives from mod_auth_basic and mod_auth_digest into the common
> mod_auth.

Remember there is no mod_auth, and merging the mod_authn_default
and mod_authz_default into a new mod_auth would be contrary to the
entire split - we don't want any single module doing both functions
any more.  (Third-parties could, but we shouldn't.)

> Mod_auth would further include all of the hooks, and be the common
> module that all other mod_auth_foo, authn and authz modules require.
> 
> Does that make any sense?  I'm certain you will have users misconfigure
> the 'backstop' modules (_default flavors) resulting in insecure servers.
> If the 'backstop' _default auth handlers are always loaded as part of the
> core mod_auth, users will have far fewer problems.

Nah.  I don't think that's necessary.  In fact, I'm not really
sure what mod_authn_default should be doing - it's something that
Dirk's patch had - I don't really see why we need a 'backstopper'
module at all.  But, I left that code in there.

To me, it sounds like that could be a 'deny' provider - perhaps
it should be mod_authn_deny.

The use case could be:

AuthProvider file dbm deny

But, if you're going to do that, why not just set dbm to be
authoritative?  So, I'm not sold on keeping this there.  Well, we
could use that and toss the Authoritative directives.  Hmm...

FWIW, Sterling and I have outlined a solution that fixes the DSO
ordering problem by moving the provider API into the core.  It's
now waiting on someone to implement it.  =)  -- justin
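
The DSO ordering problem discussed in this thread can be checked before a server is started. The sketch below is an added example, not code from the thread or from httpd: it walks the LoadModule order from the first post and reports each module that needs a symbol no earlier module has defined. The `DEFINES` and `NEEDS` tables are assumptions constructed for illustration (only mod_authn_file's need is shown in the error above); on a real build they would come from `nm -D` output for each module.

```python
import re

# LoadModule order copied from the stock httpd.conf quoted in the first post.
SAMPLE_CONF = """\
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
"""

# ASSUMPTION (constructed): which DSO defines the symbol, and which DSOs need it.
# The thread only shows that mod_authn_file.so needs authn_register_provider.
DEFINES = {"mod_auth_basic.so": {"authn_register_provider"}}
NEEDS = {
    "mod_authn_file.so": {"authn_register_provider"},
    "mod_authn_dbm.so": {"authn_register_provider"},
}

# Matches active directives only; a commented-out "#LoadModule" line is skipped.
LOADMODULE = re.compile(r"^[ \t]*LoadModule[ \t]+(\S+)[ \t]+(\S+)", re.I | re.M)

def load_order(conf):
    """Return module file names in the order the config would load them."""
    return [path.rsplit("/", 1)[-1] for _name, path in LOADMODULE.findall(conf)]

def ordering_problems(conf, defines, needs, core=frozenset()):
    """List (module, symbol, later_provider_or_None) for every symbol that is
    not yet defined by the core or an earlier module when the module loads."""
    available = set(core)
    order = load_order(conf)
    problems = []
    for i, mod in enumerate(order):
        for sym in sorted(needs.get(mod, set()) - available):
            later = next((m for m in order[i + 1:]
                          if sym in defines.get(m, set())), None)
            problems.append((mod, sym, later))
        available |= defines.get(mod, set())
    return problems

if __name__ == "__main__":
    for mod, sym, later in ordering_problems(SAMPLE_CONF, DEFINES, NEEDS):
        print(f"{mod}: undefined symbol {sym} (defined later by {later})")
```

Passing `core={"authn_register_provider"}` models the fix outlined in the last message, where the provider API lives in the core and load order stops mattering.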