
RE: Policy in IETF APIs (was: Standards and APIs)





> -----Original Message-----
> From: Howard Chu [mailto:hyc@highlandsun.com]
> Sent: Thursday, November 18, 1999 5:56 PM

> > > Two problems:
> > >   1) you can't even standardize what that global config mechanism is. By not specifying it in the API spec, you leave it up to each API implementor, and so for an admin to secure a particular machine he has to know how to perform this configuration for every possible API implementation that's likely to be used on that machine.
> > >   2) a global configuration mechanism in the API is too draconian. There will be plenty of times where someone has set up a sandbox LDAP server, or some other local, innocuous server, where plaintext passwords are perfectly acceptable. A globally enforced API configuration would require the user to generate a full strong authentication infrastructure just to be able to use this otherwise harmless sandbox.
> >
> > I think these are false alternatives. See the next comment.
>
> (1) is precisely the same as your 2nd paragraph above. Your disagreement here doesn't make any sense to me.

Not quite the same. (1) talks about standardizing -- I agreed that one could use the mechanism (of storing the config in the directory), even if it isn't standardized. One could also use other mechanisms, although storing it in the directory has the advantages you noted.

Paul