diff options
author | Russ Allbery <rra@stanford.edu> | 2008-09-12 11:02:00 -0700 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2008-09-12 11:02:00 -0700 |
commit | 928f227268dc52b5b52d9299094e9d5328296a16 (patch) | |
tree | 72587fb0cdca2b7e350d209dc34f16ed93493686 | |
parent | 1a030347c3e7d173424ab60089c6b9122674c01e (diff) |
Update TODO entry for external ACL checking programs
-rw-r--r-- | TODO | 14 |
1 files changed, 6 insertions, 8 deletions
@@ -28,17 +28,15 @@ Server: * Support LDAP-based ACLs in addition to file system ACLs. - * Add support for external ACL checking programs. This can be added to - the existing ACL file syntax without too much trouble, perhaps with a - program keyword that works similarly to the include keyword. If the - program exits with a zero status, access is granted. If it exits 1, - access is not granted but checking continues. If it exits with any - other exit status, access is not granted and checking aborts. + * Add support for external ACL checking programs. If the program exits + with a zero status, access is granted. If it exits 1, access is not + granted but checking continues. If it exits with any other exit + status, access is not granted and checking aborts. Ideally, for writing generic ACL checking programs, the program should get the type and service of the remctl command as well as any - arguments. However, I also want to support passing other arguments - into the program as specified in the ACL file. + arguments. However, it would also be good to support passing other + arguments into the program as specified in the ACL file. * Possibly support binding to both the new and the old port in the standalone server for backward compatibility (only if requested by |