You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brad Nicholes <BN...@novell.com> on 2002/09/16 20:43:10 UTC

When to do the provider lookup - mod_auth_basic/digest.c

   In both mod_auth_basic.c and mod_auth_digest.c, calling
authn_lookup_provider() is done while reading the configuration file and
handling the AuthBasicProvider or AuthDigestProvider directives.  Would
it not be better to do the actual provider look up in a post_config
hook?  This would eliminate the requirement that all provider modules
must be loaded before the base authentication module and allow all
authentication and provider modules to be loaded and registered before
any lookups take place.

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com

RE: When to do the provider lookup - mod_auth_basic/digest.c

Posted by Dirk-Willem van Gulik <di...@webweaving.org>.

On Mon, 16 Sep 2002, John K. Sterling wrote:

> the server would start up even if you put in an invalid handler name, but
> it is pretty conventional for auth handlers to startup when not fully/properly
> configured (and just return declined if they get called).

Which allows us poor consultants then earn our keep by fixing this by
putting in 'checks' in the post init phase to prevent the NOC from
bursting out in tears and overrinning the kleenex budget.

Seriously - any check you can do runtime BEFORE the server is really going
up and into operations is great. The extra code is well worth it.

It would be soooo nice if you could (like apachectl does on the outside)
prevent a -HUP graceful restart if the config is not validly parsed.
Rathan have things end up on the floor.

Dw

RE: When to do the provider lookup - mod_auth_basic/digest.c

Posted by "John K. Sterling" <jo...@sterls.com>.

>-- Original Message --
>Reply-To: dev@httpd.apache.org
>Date: Mon, 16 Sep 2002 12:43:10 -0600
>From: "Brad Nicholes" <BN...@novell.com>
>To: <de...@httpd.apache.org>
>Subject: When to do the provider lookup - mod_auth_basic/digest.c
>
>
>   In both mod_auth_basic.c and mod_auth_digest.c, calling
>authn_lookup_provider() is done while reading the configuration file and
>handling the AuthBasicProvider or AuthDigestProvider directives.  Would
>it not be better to do the actual provider look up in a post_config
>hook?  This would eliminate the requirement that all provider modules
>must be loaded before the base authentication module and allow all
>authentication and provider modules to be loaded and registered before
>any lookups take place.


Even better, those could even just be looked up in the check_user_id (or
what have you) phase of the basic/digest handler... its just a hash lookup.
 This would allow for handlers to be added or changed at any time.  Sure,
the server would start up even if you put in an invalid handler name, but
it is pretty conventional for auth handlers to startup when not fully/properly
configured (and just return declined if they get called).

sterling