Chen Shiyuan wrote:
> Cos what I was thinking of is along the line of :-
>
> 1. Apache will authenticate the user by some means.
The problem is that there's no way to tell apache that a certain URL
needs auth from within a module. The only way to force auth is to have it in
the apache config file (not an option for a database-driven site) or
to do it without using apaches' auth mechanism (as we do now). Apache
simply will not activate auth/authz modules for urls/directories that
are not in apaches config files (or .htaccess files).
> 2. Midgard get's the username from the REMOTE_USER variable.
> 3. Midgard checks up with it's own user database to see what
> access/permissions this username have on the website.
> 4. and life goes on...
Possible but for the problem outlined above, and I can't think of a
clean way (or any way AAMOF) to do sitegroups this way.
> Why does midgard want to fetch the uid? can it just stick to the
> username?
All access control is done with uids (at least in 1.4)
Emile
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
