> Not really, the current Apache doesn't let you decide on the fly whether
> to challenge the client with basic auth or not unless you use .htaccess.

If I wrote my own PerlAuthHandler, could it then choose whether to pass through
to the standard AuthHandler?

> .htaccess is not used only for auth!!! it's used for adding per-directory
> extra configuration (usually to override the defaults).

Yes, I was envisioning something along these lines in the config file:
<Perl>
#code to determine paid status
if ($paid) { $AllowOverride = "AuthConfig" }
</Perl>
Or something like that.  Not being a mod_perl guru I don't know the syntax, but
I wondered if a construct like this would work on a per-hit basis, or if not, if
someone knew a better one.

> So your second question has nothing to do with the first one :)

You're right. One dealing with feasibility of checking for .htaccess files based
on perl code, and one with scalability--not checking for .htaccess files when
not necessary.

>
> You can specify the Auth data in your httpd.conf and avoid creating
> .htaccess, saving processing time, but making it harder to maintain
> (requires server restart for each modification, whereas .htaccess allows
> to do 'hot' modifications without restarting the server).

That is not feasible, because if we can't even afford to put a VirtualHost tag
in for every user, how much less could we afford auth data and server restarts?
But you may be on the right track.  Can we use perl code in the global config
file to control auth?  I just want a way to activate the standard auth handler
per-hit.  It has to be possible in mod_perl.  Someone out there has to be wizard
enough to know how.  Hopefully that person will be reading this soon.

Thanks,
Mark
