You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Cliff Woolley <jw...@wlu.edu> on 2000/01/03 03:07:27 UTC
mod_auth and AuthAuthoritative (was: re: Multimodal
authentication)
>>> "Cliff Woolley" <jw...@wlu.edu> 01/02/00 08:55PM >>>
>Oops... nevermind on this one. I just went back and looked at the
>code for mod_auth again and realized I must have been thinking of
some
>other module. mod_auth looks okay for this case to me.
Damn me. I just remembered why I'd thought before that there was some
problem with mod_auth. Yes, no, yes, forgive me.
Okay, here goes.
It seems to me that AuthAuthoritative is more of a global setting than
a per-directory setting. Whether it's on or off depends on how you've
compiled your server. So if you want the default to be "off" (such as
in the example I described in my first message re: Multimodal
authentication, where there's some other module like mod_auth_nds or
mod_auth_ldap compiled in after mod_auth), your only choice is to make a
one line change to mod_auth.c, changing create_auth_dir_config() so that
sec->auth_authoritative = 0 rather than =1. It seems to me that you
should be able to set AuthAuthoritative off at the top level (either in
a global config section or at the highest-level per-dir config section,
like <Directory />) and have that setting apply to all subdirectories.
As it stands now, if you set AuthAuthoritative off at the top level, it
reverts to on as soon as you have a .htaccess file in a directory, which
I don't think is right.
Thoughts?
Thanks, and sorry for all my confusion. I'm tired. =-)
--Cliff
Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/
Work: (540) 463-8089
Pager: (540) 462-2303