You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by jb...@team-linux.com on 2000/06/23 00:38:30 UTC

RE: Group authorization information in a downstream chained hand

Take a look at my Apache::AuthenCache. You can stack modules. Someday I will
write Apache::AuthzCache which will do just what you want to do.

On 22-Jun-2000 Christian Gilmore wrote:
> I'm trying to create a cache for group authorization. I'm wondering if
> there's any way I can alter the requires information during the initial
> authorization so that the cache building code can just pick from that which
> group this person matches instead of re-authorizing during cache creation.
> 
> I'd like for the actual authorization handler to not need necessarily to be
> tied to a cache, so doing the entire authorization and caching in one module
> is not optimal, IMO. I'm going for the following (printed below on multiple
> lines just for readability):
> 
>       PerlAuthzHandler
>               Tivoli::Apache::AuthzCache
>               Tivoli::Apache::AuthzLDAP
>               Tivoli::Apache::AuthzCache::manage_cache
> 
> If the require line contains more than one group, I don't believe that I, by
> default, have any way to know, even after AuthzLDAP has completed
> successfully, of which group the client user is a member.
> 
> Any ideas? I intend to release all of these cache and LDAP auth modules when
> complete and put through some testing internally.
> 
> Regards,
> Christian
> 
> -----------------
> Christian Gilmore
> Infrastructure & Tools Team Lead
> Web & Multimedia Development
> Tivoli Systems, Inc.

-- 
Jason Bodnar + jbodnar@team-linux.com + Team Linux

Asleep at the switch!  I wasn't asleep!  I was drunk!

                -- Homer Simpson
                   Homer the Vigilante