David Guerizec <[EMAIL PROTECTED]> writes: > We need to decide if we force disabling /etc/tofmipd authentication > when using -R and/or -A, or if we provide a new flag for the user to > specify she doesn't want to fallback to /etc/tofmipd auth. > > I'm all for the second option and I've already made a patch that adds a > -n/--nofallback flag to tmda-ofmipd. I'll commit it if this option is > voted.
The issue of checking the perms/owner of /etc/tofmipd is somewhere down on my list. It's obviously related to this. I hadn't had a chance to think about this, but I tend to think David's suggestion is rather nice. I do think that the fallback to /etc/tofmipd (if a -R or -A has been specified is unlikely, rather than likely, so I wonder if the flag shouldn't be --fallback, rather than --nofallback. In other words, I suspect it will be unusual, rather than usual, for admins to use hybrid authentication schemes. Other than that nit, I say go for it. Then we can choose to test or not to test /etc/tofmipd's perms/owner based on whether or not the file will ever be used. That should clear up what appears to be a weekly question on users. Tim _________________________________________________ tmda-workers mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-workers
