Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 15 Nov 2013 22:38:18 -0700

On 11/15/2013 08:56 PM, Amos Jeffries wrote:
> On 16/11/2013 6:13 a.m., Alex Rousskov wrote:
>> On 11/15/2013 08:11 AM, Amos Jeffries wrote:
>>> On 30/10/2013 5:13 a.m., Tsantilas Christos wrote:
>>>> The attached patch adds the "auth_param request_format" and "auth_param
>>>> request_realm" to proxy authentication schemes.
>>>>
>>>> The request_format value is used to define the format of the helper request
>>>> line. It is a "quoted string" with logformat %macro support. A new
>>>> %credentials macro can be used to supply user password and other
>>>> scheme-dependent information to the helper.
>>>>
>>>> The request_realm is an authenticated users cache key format, needed
>>>> when request_format feature is used to authenticate different users with
>>>> identical user names (e.g., when user authentication depends on http_port).
>>
>>
>>> I don't think the idea made it out of the IRC planning discussion properly.
>>
>> There was a detailed RFC posted after the informal IRC discussion. The
>> RFC email date is October 10, 2013. It is rather unfortunate that your
>> objections come so late. The primary purpose of RFCs is to prevent the
>> waste of resources and confusion related to changing the primary
>> functionality of the developed, tested, and often deployed features!
>>
>
> Which did not look much different to what we discussed on IRC.
> You discussed there that the request_realm parameter as alternative to
> request_format,

No, I did not discuss request_realm parameter as an alternative to
request_format. I proposed it as a solution to use cases where the admin
wants to change not just the request format, but the cache key as well.
I even provided a list of reasons for allowing an admin to configure the
two aspects separately.

>>> We need only _one_ format called realm_format.
>>
>> In other words, you want to restrict the proposed request_realm to its
>> proposed default value, eliminating the need for an explicit
>> request_realm configuration option, right?
>
> No. Other way around. realm_format is nicely being appended to the
> existing cache key. It needs likewise to be an append on the existing
> helper lookup line instead of a full replacement of that line (which is
> what request_format does here).

OK.

Now about the name: "realm_format" is a bad choice IMO because some
folks will think that it controls the format of the authentication realm
string displayed to the user (for schemes where we can specify that
user-visible string). I suggest calling the new option "request_extras".
The configured extras will be appended to the helper request and to the
cache key. Any better naming ideas?

Thank you,

Alex.
Received on Sat Nov 16 2013 - 05:38:27 MST
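
A minimal model of why the extras discussed in this thread have to reach the credentials cache key as well as the helper request line, added here as an illustration; it is not Squid code and not code from the patch. The AuthCache class, the helperLookup function, and the sample user, password and port values are constructed assumptions.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>

// Constructed stand-in for an external auth helper whose answer depends on
// the extras field (here: the listening port the request arrived on).
static bool helperLookup(const std::string &requestLine) {
    static const std::set<std::string> valid = {
        "alice secret 3128",   // alice is a valid user on port 3128 only
    };
    return valid.count(requestLine) != 0;
}

// Hypothetical credentials cache. When keyIncludesExtras is false the key
// is built from user and password alone, so verdicts leak across ports.
class AuthCache {
public:
    explicit AuthCache(bool keyIncludesExtras) : keyIncludesExtras_(keyIncludesExtras) {}

    bool authenticate(const std::string &user, const std::string &pass,
                      const std::string &extras) {
        std::string key = user + " " + pass;
        if (keyIncludesExtras_)
            key += " " + extras;            // extras appended to the cache key
        const auto hit = cache_.find(key);
        if (hit != cache_.end())
            return hit->second;             // cached verdict, helper not asked
        ++helperCalls;
        const bool ok = helperLookup(user + " " + pass + " " + extras);
        cache_[key] = ok;
        return ok;
    }

    int helperCalls = 0;

private:
    bool keyIncludesExtras_;
    std::map<std::string, bool> cache_;
};

// Authenticate on port 3128 first, then present the same credentials on 8080.
bool port8080Accepted(bool keyIncludesExtras) {
    AuthCache cache(keyIncludesExtras);
    cache.authenticate("alice", "secret", "3128");
    return cache.authenticate("alice", "secret", "8080");
}

int main() {
    std::cout << "key without extras: 8080 accepted = " << port8080Accepted(false) << "\n";
    std::cout << "key with extras:    8080 accepted = " << port8080Accepted(true) << "\n";
}
```

With the extras left out of the key, the verdict cached for port 3128 is reused for port 8080 and the helper is never consulted for the second request.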
