Hi, As I said in preamble this is an experimental work toward a fully pluggable authentication system. This first part only extracts the SSL stuff.
On Tue, 2010-11-30 at 15:41 -0800, Nick Lewis wrote: > Thanks for your contribution. Matt Robinson and I looked your patch > over, and have a few comments. I like the idea, and the code is > reasonable, but we'd like to see another example auth plugin, using > this new system. Without that, it's hard to design a suitable > authentication API. That's correct. In my mind, I was thinking that more hooks would be necessary when implementing a new scheme. Since I don't know what kind of new auth system will be designed, I think the code will evolve by itself. > Additionally, we spent about an hour trying to implement a "none" > authentication type, and ran into several problems. We weren't sure > which methods we needed to implement, so we just copied what the SSL > system implemented and adjusted them to suit our needs. We'd like to > spend more time figuring out how to make this work, but it's not a > high priority right now. I think it is only necessary to implement everything ssl does, but with empty method body. As I said earlier I won't release any none security plugin. I might do an HTTP basic auth system just to provide another plugin, though. Basically the plugin is split in 4 parts: * client setup * client http initialization * server setup * server network authentication handlers (ie webrick, mongrel, rack) The first 2 are merged in the same class. To implement a none security, everything should be empty and the authentication handlers should always return true. One thing that the current system doesn't support but that I'd like to see is inheritance between plugins. Let's say, you want to implement the said HTTP basic auth over SSL, you'd want to reuse at least the server side SSL part. > It would be nice to have a simple alternate authentication system > (even a "none" system like we tried to write) which would help > motivate these changes. That would also help figure out the API, since > other authentication systems may not necessarily have the same logical > setup steps that SSL does. Anyway, thanks fo trying the patch. I'll try to code the HTTP basic auth stuff over the week-end if I have some time (that was on my totolist anyway). -- Brice Figureau Follow the latest Puppet Community evolutions on www.planetpuppet.org! -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
