Re: Note about auth refcounting state / ntlm in trunk

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 16 Aug 2010 04:13:36 +0200

Mon 2010-08-16 at 01:43 +0000, Amos Jeffries wrote:

> Basic flow around that absorb is:
> create empty AuthUser "local_auth_user"

Gah.. I think it should be

* Perform auth. Uses and results in an AuthState (scheme specific) or if
you prefer AuthRequest but matches badly with both ntlm & digest.

* On successful auth an AuthUser is associated with the AuthState to
keep track of the user long term between authentications.

* Failure to perform Auth MAY result in something like an AuthUser to
carry the username only, but preferably just keeping an internal record
to the AuthState in such case.

* High level access to the auth state of the request always goes via
AuthState. AuthUser is internal.

An AuthUser should not be required to perform Auth.

On success also update the ip list for max_user_ip use, linked to
AuthUser.

No absorb of anything.

AuthUser should be scheme-independent, but needs to softly link to the
schemes using it, allowing clean garbage collection and association of
scheme state (basic credentials cache, confirmed digest nonces and their
related H(A1)).

Regards
Henrik
Received on Mon Aug 16 2010 - 02:13:40 MDT
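
The ownership model proposed in the message above, sketched as an added example; it is not Squid code and not from the thread. Everything beyond the names AuthState and AuthUser is an assumption: the members, the use of std::shared_ptr/std::weak_ptr, and the `credsOk` flag standing in for scheme-specific verification.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <set>
#include <string>

// Hypothetical model of the proposed split; none of these are Squid's real classes.
struct SchemeState { virtual ~SchemeState() = default; };  // e.g. digest nonces + H(A1)

struct AuthUser {  // scheme-independent, long-lived, internal
    std::string name;
    std::set<std::string> ips;  // feeds max_user_ip checks
    std::map<std::string, std::weak_ptr<SchemeState>> schemeLinks;  // soft links
    std::size_t liveLinks() const {  // links whose scheme state still exists
        std::size_t n = 0;
        for (const auto &l : schemeLinks) if (!l.second.expired()) ++n;
        return n;
    }
};

using UserTable = std::map<std::string, std::shared_ptr<AuthUser>>;

class AuthState {  // one per authentication; the only high-level entry point
public:
    enum class Result { Pending, Ok, Failed };
    // credsOk stands in for the scheme-specific verification step.
    Result finish(UserTable &users, const std::string &scheme, const std::string &name,
                  bool credsOk, const std::string &clientIp,
                  const std::shared_ptr<SchemeState> &state) {
        name_ = name;  // internal record, kept even on failure
        if (!credsOk) return result_ = Result::Failed;  // no AuthUser is created
        auto &slot = users[name];
        if (!slot) { slot = std::make_shared<AuthUser>(); slot->name = name; }
        slot->ips.insert(clientIp);         // IP list updated on success only
        slot->schemeLinks[scheme] = state;  // weak link: the scheme owns its state
        user_ = slot;
        return result_ = Result::Ok;
    }
    Result result() const { return result_; }
    const std::string &username() const { return name_; }
    std::size_t ipCount() const { return user_ ? user_->ips.size() : 0; }
    bool hasUser() const { return static_cast<bool>(user_); }
private:
    Result result_ = Result::Pending;
    std::string name_;
    std::shared_ptr<AuthUser> user_;  // never handed out to callers
};
```

Because AuthUser holds only weak links, a scheme can discard its cached state without leaving a dangling reference in the user record.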
