Recently I questioned Keith Brown on his description of Windows
impersonation at
http://pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsDelegation.ht
ml.
It deals with a 3-tier archirecture with a user ("Alice") making use of a
browser,
a web server ("Bob") and a database server ("Charlie"). Without
impersonation,
the web server would identify itself as "Bob" to the database server, and
with
impersonation as "Alice".
I would also like to let "Bob" connect to "Charlie" as "Bob on behalf of
Alice"
and have an identity or user with privileges for the latter that differ from
just
"Alice". For instance if "Alice" were only allowed access to Charlie THROUGH
"Bob".
Of course I've let at least to other questions open:
- exactly what privileges should "Bob on behalf of Alice" have, and
- is "Bob" always allowed to act on behalf of "Alice", or only by request?
I was wondering what the vision and status of implementation of comparable
techniques is in Apache.
Toine.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|