On Sep 19, 10:46 pm, Robin Becker <[EMAIL PROTECTED]> wrote: > Graham Dumpleton wrote: > > ......... > > >>> In 2.0 there seems no way to provide another > >>> authorizer without writing an apache module. > >> Correct. > > > Whoops. Not strictly true. You can write one with mod_python by > > implementing a authzhandler(). You just need to know what you are > > doing. ;-) > > ........ > that's what the django approach is doing :)
Not properly though. Your Django code is combining both authentication and authorisation phases into what is the authentication handler. In other words, how it is doing things is wrong and isn't how things are meant to be done in Apache. Although your code works with Apache 2.0, you will find that it probably will not work correctly in Apache 2.2 because of the tightening up on how authentication/authorisation works. I know Jacob will concur on this given the issues he had in this area in moving the main Django site to Apache 2.2. :-) In short, processing of the Require directive is not meant to be done in the authentication phase. It is supposed to be done in the authorisation phase instead. As a result, you will have a bit of fun battling with Apache 2.2 authorisation phase with that code as is. Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
