On 11/15/2013 08:56 PM, Amos Jeffries wrote: > On 16/11/2013 6:13 a.m., Alex Rousskov wrote: >> On 11/15/2013 08:11 AM, Amos Jeffries wrote: >>> On 30/10/2013 5:13 a.m., Tsantilas Christos wrote: >>>> The attached patch add the "auth_param request_format" and "auth_param >>>> request_realm" to proxy authentication schemes. >>>> >>>> The request_format value used to define the format of the helper request >>>> line. It is a "quoted string" with logformat %macro support. A new >>>> %credentials macro can be used to supply user password and other >>>> scheme-dependent information to the helper. >>>> >>>> The request_realm is an authenticated users cache key format, needed >>>> when request_format feature is used to authenticate different users with >>>> identical user names (e.g., when user authentication depends on http_port). >> >> >>> I dont think the idea made it out of the IRC planning discussion properly. >> >> There was a detailed RFC posted after the informal IRC discussion. The >> RFC email date is October 10, 2013. It is rather unfortunate that your >> objections come so late. The primary purpose of RFCs is to prevent the >> waste of resources and confusion related to changing the primary >> functionality of the developed, tested, and often deployed features! >> > > Which did not look much different to what we discussed on IRC. > You discussed there that teh request_realm parameter as alternative to > request_format,
No, I did not discuss request_realm parameter as an alternative to request_format. I proposed it as a solution to use cases where the admin wants to change not just the request format, but the cache key as well. I even provided a list of reasons for allowing an admin to configure the two aspects separately. >>> We need only _one_ format called realm_format. >> >> In other words, you want to restrict the proposed request_realm to its >> proposed default value, eliminating the need for an explicit >> request_realm configuration option, right? > > No. Other way around. realm_format is nicely being appended to the > existing cache key. It needs likewise to be an append on the existing > helper lookup line instead of a full replacement of that line (which is > what request_format does here). OK. Now about the name: "realm_format" is a bad choice IMO because some folks will think that it controls the format of the authentication realm string displayed to the user (for schemes where we can specify that user-visible string). I suggest calling the new option "request_extras". The configured extras will be appended to the helper request and to the cache key. Any better naming ideas? Thank you, Alex.
