On Sun, 2003-10-12 at 08:10, Henrik Nordstrom wrote:
> Hmm.. this is really best done using a external_acl helper like the other
> group lookups I think. Having a auth helper filter out what users are
> considered to exists in the user database is a bit strange to me..
> authorization is better done separate from authentication and allows for
> a cleaner migration to more detailed authorization levels when required.
There is one good condition: to prevent brute force attacks on guessable
backend users - like root.
Rob
-- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:44 MST