summaryrefslogtreecommitdiffstats
path: root/tdeio/kpasswdserver/DESIGN
diff options
context:
space:
mode:
Diffstat (limited to 'tdeio/kpasswdserver/DESIGN')
-rw-r--r--tdeio/kpasswdserver/DESIGN56
1 files changed, 56 insertions, 0 deletions
diff --git a/tdeio/kpasswdserver/DESIGN b/tdeio/kpasswdserver/DESIGN
new file mode 100644
index 000000000..6a128f9df
--- /dev/null
+++ b/tdeio/kpasswdserver/DESIGN
@@ -0,0 +1,56 @@
+Sequence numbers
+================
+The idea is that whenever the user is queried for a password this
+login/pw combination gets a seq-nr. When a slave needs a login/pw
+it asks kpasswdserver and sends along the last seqnr it received. If
+this seqnr is older (lower) than the seq nr of the login/pw
+combination stored in kpasswdserver then appearantly the user has
+already been prompted for a new login/pw combination since the last
+time this slave asked for a login/pw and therefor it is not necessary
+to prompt the user again but kpassword will send the io-slave this
+new login/pw combination. If this new combination fails as well the
+user is being prompted for a new login/pw combo since the one stored
+in kpasswdserver doesn't work.
+
+Let me try to draw the situation I had in mind when writing this:
+
+Slave1 Slave2 kpasswdserver
+Asks for auth
+ asks user for login/pw (1)
+sends login/pw (1) to ftp site
+ Asks for auth
+ sends back login/pw (1)
+ sends login/pw (1) to ftp site
+gets login error,
+asks for new auth
+sends along seq.nr 1
+ seq.nr 1 == (1) -->
+ asks user for new login/pw (2)
+sends login/pw (2) to ftp site
+ gets login error,
+ asks for new auth
+ sends along seq.nr 1
+ seq.nr 1 < (2) -->
+ don't ask user for new login/pw
+ but send back login/pw (2) without asking
+ sends login/pw (2) to ftp site
+
+
+Actually, I had mostly http in mind, and not so much ftp. In http you
+typically try without password first, and only when you get an
+authentication error you ask for a password. The above scenario is
+then suddenly a lot more common than with ftp because it can happen
+that you have 4 requests /io-slaves who alll discover at about the
+same time that they need to have authentication credentials. The
+above scenario (and the seq. nrs) is to prevent that you get 4 login
+dialogs in such case.
+
+Now the assumption in this all, looking back on it, seems to be that
+when you ask for the same auth credentials twice in a row, it must be
+that the credentials issued the first time where wrong, and you will
+be prompted again. But if the user goes to ftp-site1, then
+ftp-site2 and then back to ftp-site1 again, the credentials for ftp-site1
+are still valid. This is why we reset the seq.nr stored in the io-slave
+to 0 whenever the io-slave switches hosts (or logins).
+
+Waldo Bastian <bastian@kde.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 23:49:33 +0000