On Wed, Sep 9, 2009 at 8:57 AM, Dan Poirier <poirier@pobo...> wrote:
> mod_auth_digest cannot implement nonce-count checking or the md5-sess
> algorithm if the platform doesn't have shared memory.
>
> Right now, if the admin configures either of these options and the platform
> doesn't have shared memory, the module issues a warning and continues
> without the requested option.
>
> In my opinion, if a security check that the admin requested in the
> configuration cannot be implemented, it should be more than a warning; it
> should be a fatal startup error.
>
> What's the consensus on changing this?
>
> 1) What's the right behavior?
>
fail at startup
>
> 2) If it should be changed, what's the best way to do it? The change could
> break configurations that currently appear to "work", although they're not
> really doing what the admin configured them to do.
>
how many affected configurations are we talking about?
* did anything that needed shared memory really work before your recent
fixes?
* are either of these unsupported features the default?
* what platforms have no APR support for shared memory?