"Richard Basch" writes:
> It is fine to assume that there may be times when this weak level of
> security is appropriate, such as accessing system-level software prior
> to a user logging in, or for machines to save statistics in a central
> repository when no authentication is possible. However, this should be
> explicit decisions and system:authuser should imply that strong
> authentication has been performed. IP checks are weak authentication
> (and I would argue that they are not even authentic, given the number of
> times I have seen that spoofed).
I agree with you. However, the real problem is that system:authuser
is getting overloaded. PT groups aren't flexible enough to handle the
name space of users and machines. Not being able to put a large number
of principals into one group, and not being able to put groups within
groups, are the real problems. If those two were solved, then I bet
reliance on system:authuser would drop.
< Paul
