mod_auth and AuthAuthoritative (was: re: Multimodal authentication)

[Cliff Woolley <jw...@wlu.edu>]

>>> "Cliff Woolley" <jw...@wlu.edu> 01/02/00 08:55PM >>>
>Oops...  nevermind on this one.  I just went back and looked at the
>code for mod_auth again and realized I must have been thinking of
some
>other module.  mod_auth looks okay for this case to me.

Damn me.  I just remembered why I'd thought before that there was some
problem with mod_auth.  Yes, no, yes, forgive me.

Okay, here goes.

It seems to me that AuthAuthoritative is more of a global setting than
a per-directory setting.  Whether it's on or off depends on how you've
compiled your server.  So if you want the default to be "off" (such as
in the example I described in my first message re: Multimodal
authentication, where there's some other module like mod_auth_nds or
mod_auth_ldap compiled in after mod_auth), your only choice is to make a
one line change to mod_auth.c, changing create_auth_dir_config() so that
sec->auth_authoritative = 0 rather than  =1.  It seems to me that you
should be able to set AuthAuthoritative off at the top level (either in
a global config section or at the highest-level per-dir config section,
like <Directory />) and have that setting apply to all subdirectories. 
As it stands now, if you set AuthAuthoritative off at the top level, it
reverts to on as soon as you have a .htaccess file in a directory, which
I don't think is right.

Thoughts?

Thanks, and sorry for all my confusion.  I'm tired.  =-)

--Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/

Work: (540) 463-8089
Pager: (540) 462-2303