>Number: 2024 >Category: apache-api >Synopsis: adding auth_why to conn_rec >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: change-request >Submitter-Id: apache >Arrival-Date: Tue Mar 31 20:10:01 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: any >Environment: n/a >Description: Currently, once a user is authorized access, there is no way for other modules nor CGI's to know why the user is authorized. They get AuthType and remote_user information, but knowing the reason for the authorization is also useful.
For example, if a directory was protected with: require group foo bar and a user was granted access because they were a member of group bar, then conn_rec.auth_why would be set to "group bar". This information could be made available to CGI's by setting "AUTH_WHY" in util_script.c If this sounds resonable, let me know. I'm working on the required changes for 1.2.x. I can make similar changes to 1.3 and submit patches >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]
