On Thu, Aug 26, 2021 at 4:31 PM Daniel Shahaf <d...@daniel.shahaf.name> wrote: > > Johan Corveleyn wrote on Thu, 26 Aug 2021 12:41 +00:00: > > On Wed, Aug 25, 2021 at 8:52 PM Daniel Shahaf <d...@daniel.shahaf.name> > > wrote: > > > This thread is on dev@ as opposed to users@, so I'm trying to solve the > > > problem generically, rather than just your specific $WORK scenario. > > > > I get the feeling I'm missing something, but I still don't understand > > what authz has to do with the problem at hand here (i.e. detecting > > expired passwords so we can ask the user for the new one). > > Your problem statement is "Replace cached passwords that are expired". > > I'm solving a more general problem statement, "Replace cached passwords > that can't be used to commit with", regardless of why.
Okay, sure, but that's another question than what we started with. BTW, I don't really follow how you can replace just a cached password for getting "write access". Doesn't "upgrading from read-only to read-write access" also imply using another username? Or can I have two passwords for one user, where one gives me read-only access and one gives me write access? I.e. shouldn't the more general problem statement be "Replace cached username+passwords that can't be used to commit with"? (hence my first response with "huh, shouldn't a --username make that problem moot"? I.e. the user knows which user he's willing to connect with, and he knows the authz rules, he just wants the password to be checked and "re-cached" if need be) -- Johan
