On Sep 5, 2006, at 11:49, Brad Nicholes wrote:
So it sounds like there are two questions being asked. First,
what non-ldap usages are there for authnAlias and second why
doesn't the configuration below work?
I'll answer the second question first. Given the configuration
block below, I don't know why it doesn't work. I just retested the
same configuration and everything worked as expected. The only
issue that I see is setting 'AuthBasicAuthoritative off'. Since
there doesn't appear to be any other authentication type specified
(ie. digest), this directive should either be set to 'on' or
removed and left as default (which is also 'on'). The error
message that is showing up in the error_log is a result of the
default authn handler being hit as a last resort with no auth type
set as default. BTW, given the configuration below, I was also
unable to duplicate the error message even with
AuthBasicAuthoritative set to 'on' which implies that there is
probably some other auth configuration somewhere that is conflicting.
I thought after I sent that I should mention that I tried various
values for AuthBasicAuthoritative, because I am actually a little
confused as to what this means in the context of aliases. Which
Alias is it saying is authoritative?
Anyways, I tried with it on and off, with identical results. I'll try
this on a server with less going on, to see if there is some kind of
conflict with something else that I'm doing.
To answer the first question, the non-ldap example given here is
a perfectly valid use of authnAlias. Basically authnAlias can be
used to create extended providers that use the same base provider
but with different parameters. Another possible example would be
authnDBD:
<AuthnProviderAlias dbd dbd1>
AuthDBDUserPWQuery "select password from authn where username =
%s"
</AuthnProviderAlias>
<AuthnProviderAlias dbd dbd2>
AuthDBDUserPWQuery "select password from authn where
Aliasusername = %s"
</AuthnProviderAlias>
Of course you could craft a better SQL statement that would handle
both situations at the same time, but you get the point. AuthAlias
just appears to be more useful with LDAP because configuring
authnzldap authentication usually requires more than a single
directive that defines authentication criteria (ie. ldap server,
bind user and password).
Thanks, this is a useful example.
--
They went to sea in a sieve, they did
In a sieve they went to see
