On Fri, 2 Jan 2004, Christos Soulios wrote: > Rob Siemborski wrote: > > On Fri, 2 Jan 2004, Paul Boven wrote: > > > > The only argument I currently completely understand for an IP-only based > > setup is that of sites that need to distinguish ANONYMOUS users between > > domains (and prehaps that is good enough). > > What about being able to determine the virtual domain based on the ip > address and presenting different ssl certificate for each domain? Even > presenting different host name, one that is in accordance to the ssl > certificate. All this happens long before authentication. Right? This > would be really nice to implement.
You can do that in a model that still allows users to add an @ sign and a domain to their userid. The only way to get a win out of a model that disallows that feature is to come up with something where it actively causes problems. And the SASL ANONYMOUS mechanism is about all I can currently see. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
