[cvsnt] Re: Latest updates
Glen Starrett
grstarrett at cox.net
Mon Aug 23 01:29:27 BST 2004
Tony Hoyle wrote:
> * New ACL system. This one works down to the file level, and supports
> directory inheritance. For a deny ACL you can specify a custom error
> that's reported to the client (eg. 'This branch is on code freeze,
> contact bill in support').
I like the sound of this. Will branches inherit from MAIN, have their
own default, or be separate defaulting to default:RWC as it is now?
> * SSPI now (correctly) takes its domain from the authentication token.
> This means that if you're using cross-domain authentication the username
> may change, which effects existing ACLs. This is also open to change -
> eg. should DOMAIN1\foo be equal to DOMAIN2\foo for ACL checks?
Since Domain1\foo isn't the same as Domain2\foo and could very well be 2
totally different people, you shouldn't assume they are the same. When
you say "cross-domain authentication can cause the username to change",
do you mean they would now have the domain pre-pended to them instead of
plain username?
Thanks for all your work on this, as usual!
Regards,
--
Glen Starrett
More information about the cvsnt
mailing list