Would it be possible to allow DACS to be configurable to not include the jurisdiction/federation information in remote user?
I believe the reason is to identify the user from different jurisdictions and federations but its probably likely that most users of DACS are only using a single jurisdiction and/or federation and thus the extra info in remote user is unnecessary.
Thanks,
Nick
Logged In: YES
user_id=805867
Originator: NO
Yes, it would be easy to make the syntax of the REMOTE_USER environment
variable configurable between a simple user name (i.e., no colons)
and the full DACS identity format. As long as the administrator
is certain that this will not result in confusion, it seems reasonable.
It would help DACS to interoperate better with other existing
software that makes assumptions about REMOTE_USER (e.g., that it
is always a plain login name).
The change is complicated in a few places where DACS currently
assumes that REMOTE_USER is set to a DACS identity, so it's a little
more effort to make the rest of DACS work with the change.
Relatively recent changes to DACS added the DACS_IDENTITY and
DACS_USERNAME environment variables. The former serves essentially
the same purpose as REMOTE_USER. I'm thinking that a better change
might be to make REMOTE_USER the same as DACS_USERNAME. Although
incompatible, I don't think the change would affect much existing
code and the fix is a simple substitution (use DACS_IDENTITY instead
of REMOTE_USER). Assuming this does not break anything within DACS,
it would be a nicer and less complicated solution overall.
Any comments?
Anyone who would like a patch against 1.4.21 to evaluate the syntax
change for REMOTE_USER, please contact me.
Barry
Logged In: YES
user_id=805867
Originator: NO
In case my previous comment is confusing, I'm just suggesting
that DACS set REMOTE_USER like DACS_USERNAME, or not
set it if the user is not authenticated. Existing code that
relies upon REMOTE_USER's current semantics will be broken
but can simply be changed to reference DACS_IDENTITY.
For additional info, please see
http://dacs.dss.ca/man/dacs.1.html#naming
http://dacs.dss.ca/man/dacs_acs.8.html#exported_envars
Barry