I'm trying to create a cache for group authorization. I'm wondering if
there's any way I can alter the requires information during the initial
authorization so that the cache building code can just pick from that which
group this person matches instead of re-authorizing during cache creation.
I'd like for the actual authorization handler to not need necessarily to be
tied to a cache, so doing the entire authorization and caching in one module
is not optimal, IMO. I'm going for the following (printed below on multiple
lines just for readability):
PerlAuthzHandler
Tivoli::Apache::AuthzCache
Tivoli::Apache::AuthzLDAP
Tivoli::Apache::AuthzCache::manage_cache
If the require line contains more than one group, I don't believe that I, by
default, have any way to know, even after AuthzLDAP has completed
successfully, of which group the client user is a member.
Any ideas? I intend to release all of these cache and LDAP auth modules when
complete and put through some testing internally.
Regards,
Christian
-----------------
Christian Gilmore
Infrastructure & Tools Team Lead
Web & Multimedia Development
Tivoli Systems, Inc.