"Ian Kallen " wrote:
>
> Oooh boy, I think this stuff is a mess (or if it's neater than my
> perception of it, I need to get it clarified for myself :)
Yes, it is very messy. I have a massively cleaned-up version
in my head, but..
> It is my opinion that if AuthUserFile is not specified mod_auth
> should decline; I'm indicating that I don't want mod_auth to have
> any say in the authentication for this resource.
If it is also labelled as authoritative, you have a conflict.
I would prefer to resolve that conflict away from a 500 error
visible to the user, although that is certainly defensible -- it
*is* a config error.
It would be nice if these handlers were passed a flag about
forced authoritativeness -- the last module called should be
considered authoritative even if the config does not expressly
say so.
And if there is a config error, the module that knows what it is
should be the one to log the message, rather than the core
guessing about it.
--
#ken P-)}
Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/
Author, developer, opinionist http://Apache-Server.Com/
"All right everyone! Step away from the glowing hamburger!"
