Markus Roberts wrote: > J -- > > It occurs to me that the logical extension of a Dashboard RBAC system > (or perhaps even moving elements of the problem upstream) is for > auth.conf to recognize users or perhaps better "roles" as an > authentication construct. > > > I like. There would be some details that should be sorted out up front > (e.g. if there's an allow rule for the role but a deny rule for the IP, > what happens) but assuming these could be given a clear and coherent > answer (which we would of course document and test, right?) it could be > extremely useful for not too much effort.
I think we'd do something like: auth.conf auth_order = role,host Make priority configurable with a rational default. James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to puppet-dev@googlegroups.com. To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
