tco2 at cornell.edu
Thu Aug 1 14:52:50 UTC 2002
At 01:59 -0400 2002/01/08, Jeffrey M. Vinocur wrote:
>On Tue, 11 Jun 2002, Russ Allbery wrote:
>[ Back from vacation, resurrecting some old threads ]
>> Todd Olson <tco2 at cornell.edu> writes:
>> > Cornell Univ. is about to deploy a cookie based Kerberos proxy system
> > > for Cornell www sites that care about limiting access.
>(Russ, are you still curious about this? I think there are some slides on
>cuwebauth/cuweblogin up on the web which may be informative.)
Sorry about not getting back on this ... I've been (and still am busy)
>Todd, FYI, I don't think you're locked into 2.2 because of the hacks; the
>pluggable resolver scheme introduced with readers.conf should be able to
>do the out-of-band querying you require. (I looked at writing the
>necessary resolver one afternoon, to present to you as fait accompli, but
>couldn't find the necessary libraries. I think it will be
>straightforward; model off the ident resolver which comes with 2.3.)
I appreciate thought and offer of assistance
Maybe we can still do something ...
However, when last I looked at ver 2.3 the hooks were not in
the right places to implement the current Cornell policies.
(policies might be changable, but that is a major project itself)
I've had some vague idea of completely redesigning nnrpd
so the hooks are easier to do and maintain, but so far
I have not had time.
More information about the inn-workers