RE: Per-modules readers/writers ?

[Shankar Unni]

Greg A. Woods writes:

> Even basic unix security requires proper use of individual system
accounts.

Absolutely. No argument there. The issue I was talking about was not
authentication, but access control (authorization), using Unix accounts.

Authentication using Unix accounts is A-OK. (Use YP, LDAP, whatever..).
Authorization, on the other hand, is also still being left to the same
mechanism (YP or whatever), which is rather too coarse and inflexible
(see the arguments I put forward..)

I see that the CVSNT folks are adding CVS-level ACLs (access control
lists), using hidden ".perms" and ".owner" files in repository
directories that contain files. Should probably take a deeper look at
how they implement this, and how it ties to various authentication
mechanisms like :pserver: ..

--
Shankar.