> note that this situation is a bit different from the others since the > apache core will pass ALL requirements (limited or not) to every auth > module. Each individual auth module can make its own decision in this > case (i.e. there are requirements for some methods and no requirements > for other methods). This is along that grey line of 'this is how the > "standard" auth modules deal with this situation' - not 'this is how auth > will work in apache'.
But solving that would mean an overhaul of the require parsing; i.e. allow modules to 'claim' those - akin to how they claim Directives. Dw.
