Am Montag, den 25.09.2017, 09:30 -0400 schrieb Eric Covener:
> auth_checker is authorization that depends on authentication. You have
> no authentication configured.
>
> The access_checker related ones are user-agnositc and run
> before/without authentication.
Reading:
http://httpd.apache.org/docs/trunk/developer/lua.html#basic_auth
there is the first example in Example 3:
--[[
A simple authentication hook that checks a table containing
usernames and
passwords of two accounts.
]]--
and there is the second example which states:
--[[
An advanced authentication checker with a database backend,
caching account entries for 1 minute
]]--
So i was under the impression, that this auth_checker is responsible for
authentication - in fact e.g. example 1 does authentication and tells
the request processing which user is there and if it is a authenticated
one (correct password).
Imho:
http://httpd.apache.org/docs/trunk/developer/lua.html#authz
This one seems to be the one which does the authorization, e.g. checks
if the authenticated user from Example 3 does have the correct group
membership.
If this is wrong like you're suggesting, how is this supposed to work?
Opinions about that?
kind regards
Torsten
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
|