From: Gavin C. <ga...@op...> - 2006-09-09 23:54:58

On Sat, Sep 09, 2006 at 07:07:48PM -0400, Christopher Murtagh wrote:
> On 9/9/06, Gavin Carr <ga...@op...> wrote:
> > Note that this isn't quite what I'm asking for, Chris. "Pluggable"
> > authentication implies specific support by the application of auth
> > scheme X. I'm after "external" authentication, meaning you do the auth
> > at the apache level using any authentication module apache supports,
> > and SL just accepts the authenticated user as given to it by apache.
> > There's a place for both, but I'm specifically interested in the
> > second.
>
> The two things that you describe are one and the same. Pluggable
> authentication means that you create APIs for different authentication
> mechanisms, so that these mechanisms handle the authentication, and
> the application trusts it through the API. 'auth scheme X' in this
> case is 'Basic HTTP authentication' which will definitely be one of
> the authentication schemes that we can support.

That's not really correct. The issue is who is doing the authentication.
If the app does it (and uses an api to allow it to swap different schemes
in and out), that's pluggable; if apache does it and the app just accepts
the results, that's external. 'Basic HTTP Authentication' is just a
particular HTTP authentication method, and orthogonal to this point -
either the app or apache could support Basic authentication, alongside
any other scheme.

But if you're planning to support external REMOTE_USER authentication,
then that would be great.

Cheers,
Gavin
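
The external/pluggable distinction drawn in this message, as an added example that is not part of the original thread or of the application's code. It assumes WSGI-style request dicts; `StaticBackend`, the function names and the sample credentials are hypothetical and constructed for illustration.

```python
import base64
import hmac

def external_auth_user(environ):
    """External auth: the web server already authenticated; the app reads the result."""
    # REMOTE_USER is set by the server's own auth module. A client-sent
    # "Remote-User" header shows up as HTTP_REMOTE_USER and is never consulted.
    return environ.get("REMOTE_USER") or None

class StaticBackend:
    """Hypothetical pluggable backend; other backends would expose the same check()."""
    def __init__(self, users):
        self.users = users

    def check(self, username, password):
        expected = self.users.get(username)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), password.encode())

def pluggable_auth_user(environ, backend):
    """Pluggable auth: the app parses the credentials and verifies them via a backend."""
    scheme, _, payload = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and malformed UTF-8
        return None
    username, sep, password = decoded.partition(":")
    if not sep or not backend.check(username, password):
        return None
    return username

# Constructed sample requests (WSGI-style environ dicts).
BACKEND = StaticBackend({"gavin": "s3cret"})
BASIC = "Basic " + base64.b64encode(b"gavin:s3cret").decode()
SERVER_AUTHENTICATED = {"REMOTE_USER": "gavin"}      # server did the auth
SPOOFED_HEADER = {"HTTP_REMOTE_USER": "admin"}       # client-supplied header only
APP_AUTHENTICATED = {"HTTP_AUTHORIZATION": BASIC}    # app must do the auth

if __name__ == "__main__":
    print(external_auth_user(SERVER_AUTHENTICATED))
    print(external_auth_user(SPOOFED_HEADER))
    print(pluggable_auth_user(APP_AUTHENTICATED, BACKEND))
```

In the external case the application holds no credential logic at all, so it is only as trustworthy as the guarantee that nothing but the server's auth module can set `REMOTE_USER`.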