On Tue, 05 Dec 2006 17:06:16 -0800 Chris Darroch <[EMAIL PROTECTED]> wrote:
> What surprised me was discovering that each sub-request (or, > equally, internal redirect) went through the authnz steps despite > the fact that I just had a single blanket authnz configuration for > the entire directory on which I'd enabled mod_dav. Alternative proposal for this scenario that doesn't involve a possible risk of breaking something. mod_auth_inherit In anything that isn't a subrequest, it'll return DECLINED. In a subrequest, mod_auth_inherit will set r->user to r->main->user, without reference to any password lookup. If r->main->user is unset it'll return DECLINED. It'll also set an "inherited" token. A corresponding authz hook will implement a "Require inherit" to enable subrequests with "inherited" set to be authorized, and will run ahead of "normal" authz hooks. Would that be a good solution here? -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
