> This means the client can use any of the secrets in my file, and I
> will just test them all, to see if one matches ?
> 
> What is the use case for this behaviour ?

There will be a need to rotate client passwords.  This design allows the
server to accept both old and new passwords during transition.  Then, the
clients can be upgraded without interruption.

> Would it make sense to have a secret and a user name, so that the
> communication would look like this?

A user name may reduce the number of SHA1 comparisons (since we'll be able
to terminate the search earlier).  Currently we don't have any other
access restrictions or logging that would benefit from a user name.  Do
you foresee a need for any user-based authorization mechanisms?

Do you foresee a need for a large number of secrets?

-- 
 kevin brintnall =~ /kbr...@rufus.net/

_______________________________________________
rrd-developers mailing list
rrd-developers@lists.oetiker.ch
https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers
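
Added example, not part of the original message or of the project's code: a server-side check that accepts both the old and the new secret during rotation, and shows how a user name narrows the set of SHA1 comparisons. The HMAC-SHA1 challenge-response scheme, the function names, the user names and the secrets are assumptions; the thread does not give the wire format.

```python
import hashlib
import hmac
import os

# Constructed sample secrets: "old" is being rotated out, "new" is its successor.
SECRETS = {"old": b"constructed-old-secret", "new": b"constructed-new-secret"}
# Hypothetical per-user layout, as floated in the thread (user names constructed).
SECRETS_BY_USER = {"collector1": {"old": SECRETS["old"], "new": SECRETS["new"]},
                   "collector2": {"only": b"constructed-other-secret"}}

def proof(secret: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the secret without sending it (assumed scheme)."""
    return hmac.new(secret, challenge, hashlib.sha1).digest()

def match_any(secrets: dict, challenge: bytes, response: bytes):
    """Test the response against every secret; return (label or None, comparisons).

    Every candidate is checked with a constant-time compare and no early exit,
    so the work done does not depend on which secret matched.
    """
    matched, compared = None, 0
    for label, secret in secrets.items():
        compared += 1
        if hmac.compare_digest(proof(secret, challenge), response) and matched is None:
            matched = label
    return matched, compared

def match_for_user(user: str, challenge: bytes, response: bytes):
    """With a user name, only that user's secrets are candidates."""
    return match_any(SECRETS_BY_USER.get(user, {}), challenge, response)

if __name__ == "__main__":
    challenge = os.urandom(16)  # fresh server nonce per connection
    for label in ("old", "new"):
        print(label, match_any(SECRETS, challenge, proof(SECRETS[label], challenge)))
    print("wrong", match_any(SECRETS, challenge, proof(b"guess", challenge)))
    print("user", match_for_user("collector2", challenge,
                                 proof(b"constructed-other-secret", challenge)))
```

Retiring the old password once all clients are upgraded is a matter of deleting its entry; the returned label also tells the operator which clients are still presenting the old secret.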
