Mon 2010-08-16 at 01:43 +0000, Amos Jeffries wrote:
> Basic flow around that absorb is:
> create empty AuthUser "local_auth_user"

Gah.. I think it should be

* Perform auth. Uses and results in an AuthState (scheme specific) or if you prefer AuthRequest but matches badly with both ntlm & digest.

* On successful auth an AuthUser is associated with the AuthState to keep track of the user long term between authentications.

* Failure to perform Auth MAY result in something like an AuthUser to carry the username only, but preferably just keeping an internal record to the AuthState in such case.

* High level access to the auth state of the request always goes via AuthState. AuthUser is internal.

An AuthUser should not be required to perform Auth.

On success also update the ip list for max_user_ip use, linked to AuthUser.

No absorb of anything.

AuthUser should be scheme-independent, but needs to softly link to the schemes using it allowing clean garbage collection and association of scheme state (basic credentials cache, confirmed digest nonces and their related H(A1))

Regards
Henrik
