readers.conf proposal: (was Re: incoming.conf length limits)

Todd Olson tco2 at cornell.edu
Fri Jan 31 14:44:07 UTC 2003


At 18:43 -0500 2003/01/30, Jeffrey M. Vinocur wrote:
>On Thu, 30 Jan 2003, Russ Allbery wrote:
>
>> Part of me is inclined to argue that anyone doing the sort of access
>> control that really needs this level of detail ideally wants to just
>> construct a custom group pattern for each user entirely inside their
>> custom-written authentication hook, and if we add that to the external
>> auth protocol like it already is in the Perl and Python hooks, that will
>> address the problem.  But that's something of a cop-out, since I can
>> easily construct artificial examples where that would require writing a
>> custom authenticator where one isn't necessary now.

Hum ... just a nit about wording ...  perhaps you meant to write

>Ah, but this is fundamentally access control, and not authorization.  I
                                                        ^^^^^^^^^^^^^
                                                        authentication
???

I thought that 'access control' was 'authorization' ... ???

> 
>definitely don't want to duplicate my (hypothetical) "take the union of
>all these access lists" code into every authenticator and resolver I use!

I agree.  I shudder at the idea of having to wire up authenticators
with authorization code.  They should be separate.

Regards,
Todd Olson
Cornell University

