price-db storage via BackEnd?

Linas Vepstas linas@linas.org
Tue, 22 May 2001 01:56:33 -0500


On Mon, May 21, 2001 at 06:29:19PM -0400, Derek Atkins was heard to remark:
> 
> 	2) User Authentication is added

feel free to propose the names of the hooks needed in the backend for
this. 

> 	3) Price-DB is added

I just added stubs to rpcbackend (and sql) for pricedb.

> Ideally I think i'd like to tie RPC specifically to Postgres, or

in principle, you could pass-through the rpc backend to any other
backend ... to postgres, to the file-io (once that is turned into a
backend), or chain rpcs :-) ...

> For user-login, it would be nice if the Backend were UI-agnostic..

neither the engine nor backend is supposed to know about any UI 
or make any UI callbacks.  

> One approach is to require the UI to register an 'authentication'
> callback with the Backend, so the Backend can call the callback
...
> Alternatively, error codes can be returned to signify various
> 'need-authentication' messages.  But I'm not convinced that works
> quite as well as having an actual Backend callback into the engine.

callbacks are great in other places, but I prefer the slightly
more linear approach of just returning an error code.  The UI then
checks for a 'need authentication' error, prompts the user, and
tries again. 

1) this is how the 'file is locked by another user' is currently handled
2) this is in the style of http (e.g. 302 Need Authentication)

It's so late at night that I am not sure I can make a cogent argument,
but it goes something like this:  you don't want the server blocked
on some thread, waiting for some remote callback to complete, when
the client might in fact never respond.  It's hard to garbage collect
this inside a server.  Instead the server returns the error code, 
finishes the thread, and moves on.

> This also doesn't even mention how to use Kerberos or SSL certificates
> as an authentication scheme.

Maybe username/passwd is enough, and the rest is up to the backend.
The backend figures out if it could use the passwd to decrypt a 
keyring containing x509 certs, or decrypt a pgp keyring, or use 
it w/kerberos, or use PAM ...  whatever, it's just code, we can fix it
later. 

--linas

-- 
Linas Vepstas -- linas@gnumatic.com -- http://www.gnumatic.com/
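
The error-code-and-retry flow argued for in the message above, as an added example that is not part of the original e-mail and is not GnuCash code. Every name here (BackendError, backend_session_begin, ui_open_session, the demo account and the scripted prompts) is hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes, not GnuCash's real backend enum. */
typedef enum { ERR_NONE = 0, ERR_NEED_AUTH, ERR_AUTH_GAVE_UP } BackendError;
typedef struct { const char *user; const char *passwd; } Credentials;
/* Supplied by the UI; returns 0 if the user cancels. The backend never calls it. */
typedef int (*PromptFn)(Credentials *out, int attempt);

/* Backend side: answers with a code and is done. It holds no thread or
 * state waiting for a client that may never respond. */
BackendError backend_session_begin(const Credentials *c)
{
    if (!c || !c->user || !c->passwd) return ERR_NEED_AUTH;
    /* Constructed demo account; a real backend would pass the password
     * on to PAM, Kerberos, a keyring, etc. */
    if (strcmp(c->user, "demo") == 0 && strcmp(c->passwd, "constructed-secret") == 0)
        return ERR_NONE;
    return ERR_NEED_AUTH;
}

/* UI side: check for need-auth, prompt, try again, with a bounded retry count. */
BackendError ui_open_session(PromptFn prompt, int max_attempts)
{
    Credentials c = { NULL, NULL };
    BackendError err = backend_session_begin(NULL);
    for (int attempt = 1; err == ERR_NEED_AUTH && attempt <= max_attempts; attempt++) {
        if (!prompt(&c, attempt)) break;   /* user cancelled */
        err = backend_session_begin(&c);
    }
    return err == ERR_NEED_AUTH ? ERR_AUTH_GAVE_UP : err;
}

/* Constructed scripted "users" standing in for a real password dialog. */
static int prompts_shown = 0;
int prompt_typo_then_ok(Credentials *out, int attempt)
{
    prompts_shown++;
    out->user = "demo";
    out->passwd = (attempt == 1) ? "typo" : "constructed-secret";
    return 1;
}
int prompt_always_wrong(Credentials *out, int attempt)
{
    (void)attempt;
    prompts_shown++;
    out->user = "demo";
    out->passwd = "wrong";
    return 1;
}
```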