Sorry, a bit swamped today, but AFAICT that is not what an auth_checker is in the underlying httpd API, so I tentatively think that lua dev doc is incorrect. Please have a look at include/http_request.h and server/request.c where the hooks are called.

On Mon, Sep 25, 2017 at 9:47 AM, Torsten Krah <krah.tm@xxxxxxxxx> wrote:
> On Monday, 25.09.2017, at 09:30 -0400, Eric Covener wrote:
>> auth_checker is authorization that depends on authentication. You have
>> no authentication configured.
>>
>> The access_checker related ones are user-agnostic and run
>> before/without authentication.
>
> Reading:
>
> http://httpd.apache.org/docs/trunk/developer/lua.html#basic_auth
>
> there is the first example in Example 3:
>
> --[[
>      A simple authentication hook that checks a table containing
>      usernames and passwords of two accounts.
> ]]--
>
> and there is the second example which states:
>
> --[[
>      An advanced authentication checker with a database backend,
>      caching account entries for 1 minute
> ]]--
>
> So I was under the impression that this auth_checker is responsible for
> authentication - in fact e.g. example 1 does authentication and tells
> the request processing which user is there and if it is an authenticated
> one (correct password).
>
> Imho:
>
> http://httpd.apache.org/docs/trunk/developer/lua.html#authz
>
> This one seems to be the one which does the authorization, e.g. checks
> if the authenticated user from Example 3 does have the correct group
> membership.
>
> If this is wrong like you're suggesting, how is this supposed to work?
> Opinions about that?
>
> kind regards
>
> Torsten
>

--
Eric Covener
covener@xxxxxxxxx
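
Added example, not part of the thread or of the httpd documentation: a mod_lua script that keeps the two phases named in the reply separate, with authentication in the check_user_id hook and authorization in the auth_checker hook. The file name, function names, realm and account tables are hypothetical, and the authorization hook only has work to do once authentication has set a user for the request.

```lua
-- authsplit.lua (hypothetical file name). Assumed httpd configuration:
--   LuaHookCheckUserID /path/to/authsplit.lua authn_hook
--   LuaHookAuthChecker /path/to/authsplit.lua authz_hook
require "apache2"

-- Constructed demo data; a real deployment would verify against hashed
-- credentials in a proper store, not a plaintext table.
local accounts = { alice = "correct horse", bob = "battery staple" }
local admins   = { alice = true }   -- users allowed past the authz step

-- Send a Basic challenge and reject the request.
local function challenge(r)
    r.err_headers_out["WWW-Authenticate"] = 'Basic realm="demo"'
    return 401
end

-- check_user_id phase: authentication. Decides WHO is making the request
-- and records the answer in r.user for later phases.
function authn_hook(r)
    local header  = r.headers_in["Authorization"]
    local encoded = header and header:match("^Basic%s+(.+)$")
    if not encoded then
        return challenge(r)
    end
    -- Guard against undecodable input before splitting "user:password".
    local decoded = r:base64_decode(encoded) or ""
    local user, pass = decoded:match("^([^:]*):(.*)$")
    if user == nil or accounts[user] == nil or accounts[user] ~= pass then
        return challenge(r)
    end
    r.user = user
    return apache2.OK
end

-- auth_checker phase: authorization. Decides WHETHER the already
-- authenticated r.user may access the resource; it never reads passwords.
function authz_hook(r)
    if r.user == nil then
        return apache2.DECLINED   -- nobody authenticated: nothing to authorize
    end
    if admins[r.user] then
        return apache2.OK
    end
    r:debug("authz_hook: " .. r.user .. " is authenticated but not authorized")
    return 403
end
```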