On Tue, Nov 15, 2005 at 04:11:27PM -0700, Brad Nicholes wrote: > One other thing, the authorization type (valid-user, user, group, > etc.) should be unique among all of the authorization modules. In other > words, only one authz module should be implementing valid-user not every > module like in the 2.0 architecture. This is the main reason why you > now see the authz types like ldap-user, ldap-group, etc. implemented in > mod_authnz_ldap rather than user and group all over again. There are a > couple of exceptions to this which are Group and File-Group implemented > in both mod_authz_dbm and mod_authz_groupfile. I looked into trying to > fix this conflict only to find out that there is a reason for it and it > works in this case (although still confusing). Keeping the naming > unique doesn't necessarily solve the ordering problem if you do > something like
Huh. I wonder if 'require' becomes the provider vector for authorization? That is, each module registers a 'require' function provider that can then be invoked by an authorization module processing the 'require' directive at request-time? -- justin
