Hi Kevin, On Sat, May 23, 2009 at 04:30:17PM -0500, kevin brintnall wrote: > Any ideas on how the authorization scheme may change once we have > per-user authentication (i.e. with client certs)?
my plan for authentication was something along these lines: -P flush,stats/flushall,update All commands before the slash (`/') can be used with or without authentication, the commands following the slash can only be used when authenticated. In this case `flush' and `stats' can be used without authentication, `flushall' and `update' require authentication, other commands cannot be used. This doesn't work with a per-user authorization setup, I'm afraid. To do that, we could adopt a slightly different argument syntax: -P [user0[,user1[...]]=]command0[,command1[...]] For example: -P flush,stats -P foo,bar=flushall,update In this example the commands `flush' and `stats' can be used without authentication again, the commands `flushall' and `update' may be used by the users `foo' and `bar' after they authenticated. For a more complicated and/or fine-grained we should probably think about implementing support for a configuration file. Any feedback is welcome, of course. :) Regards, -octo -- Florian octo Forster Hacker in training GnuPG: 0x91523C3D http://verplant.org/
signature.asc
Description: Digital signature
_______________________________________________ rrd-developers mailing list rrd-developers@lists.oetiker.ch https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers