dynamic python access control and readers.conf
Russ Allbery
rra at stanford.edu
Sun Jan 12 20:27:45 UTC 2003
Erik Klavon <erik at eriq.org> writes:
> Now that I've hacked things so that the python hooks and readers.conf
> can coexist, a question of precedence comes up. Should the access group
> which matches a client have the final say in what groups that client can
> read and post to, or should the dynamic access control python hook
> (authorize in the existing implementation) override what readers.conf
> (or a dynamically generated access group) specifies? I think the latter
> is the correct behavior, though I am at a loss for a really good example
> that doesn't feel contrived. The intent of the hook according to the
> documentation is to allow for more immediate changes in access control
> rules (e.g. during a single session) without restarting all nnrpd
> processes.
I agree, I think the dynamic controls should override.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list