> Kinkie: I also agree that separating authentication from access control
> is worth considering, but I think it is kind of orthogonal to what is
> being discussed here. Authentication may or may not be extracted into
> its own step, but it should not spread around the code that has nothing
> to do with it and is very likely to handle it wrong. In other words, it
> would be wrong to try to support something like:
>
> tcp_outgoing_tos authenticate foobar
I agree. In fact, this should be rejected during configuration
validation. Such an explicit approach would allow us to explicitly
limit applicability of the authentication directives where it makes
sense.
-- /kinkieReceived on Thu Mar 22 2012 - 12:02:23 MDT
This archive was generated by hypermail 2.2.0 : Thu Mar 22 2012 - 12:00:06 MDT