Menu

#2 Remote User Short Name?

Feature request
open
Barry Brachman
Configuration (1)
5
2008-06-03
2008-06-03
Nicholas Fletcher
No

Would it be possible to allow DACS to be configurable to not include the jurisdiction/federation information in remote user?

I believe the reason is to identify the user from different jurisdictions and federations but its probably likely that most users of DACS are only using a single jurisdiction and/or federation and thus the extra info in remote user is unnecessary.

Thanks,
Nick

Discussion

  • Barry Brachman

    Barry Brachman - 2008-06-03

    Logged In: YES
    user_id=805867
    Originator: NO

    Yes, it would be easy to make the syntax of the REMOTE_USER environment
    variable configurable between a simple user name (i.e., no colons)
    and the full DACS identity format. As long as the administrator
    is certain that this will not result in confusion, it seems reasonable.
    It would help DACS to interoperate better with other existing
    software that makes assumptions about REMOTE_USER (e.g., that it
    is always a plain login name).

    The change is complicated in a few places where DACS currently
    assumes that REMOTE_USER is set to a DACS identity, so it's a little
    more effort to make the rest of DACS work with the change.

    Relatively recent changes to DACS added the DACS_IDENTITY and
    DACS_USERNAME environment variables. The former serves essentially
    the same purpose as REMOTE_USER. I'm thinking that a better change
    might be to make REMOTE_USER the same as DACS_USERNAME. Although
    incompatible, I don't think the change would affect much existing
    code and the fix is a simple substitution (use DACS_IDENTITY instead
    of REMOTE_USER). Assuming this does not break anything within DACS,
    it would be a nicer and less complicated solution overall.

    Any comments?

    Anyone who would like a patch against 1.4.21 to evaluate the syntax
    change for REMOTE_USER, please contact me.

    Barry

     

  • Barry Brachman

    Barry Brachman - 2008-06-03

    Logged In: YES
    user_id=805867
    Originator: NO

    In case my previous comment is confusing, I'm just suggesting
    that DACS set REMOTE_USER like DACS_USERNAME, or not
    set it if the user is not authenticated. Existing code that
    relies upon REMOTE_USER's current semantics will be broken
    but can simply be changed to reference DACS_IDENTITY.

    For additional info, please see
    http://dacs.dss.ca/man/dacs.1.html#naming
    http://dacs.dss.ca/man/dacs_acs.8.html#exported_envars

    Barry

     

Log in to post a comment.