Regarding runtime configuration, we don't really have a configuration file for mech_eap right now. If you were proposing to, say, turn it on/off by environment variable, that'd be easy to add for now...
-- Luke
On 12/06/2011, at 5:54 PM, Sam Hartman wrote:
> I think the deployment concerns are very real.
>
> I think we want to provide this as a runtime option. In general if you
> don't need the complexity of remoting for performance or other reasons I
> wouldn't do it. If I were shipping as an OS, I might consider turning it
> on by default if I could easily do so.
>
> Here are concerns I have though:
>
> * which user should the shibbd run as?
> * should different services use the same shibbd?
> * What are permission and security issues?
>
> Once we've resolved these, I may well be much more interested in shibb
> remoting as a runtime default. Today, though, I'm definitely interested
> in turning it on as a runtime option.
>
> I wonder what the security implications would be of trying to remote and
> if that fails, trying to run in-process?
>
> --Sam
--
Luke Howard
www.padl.com / www.lukehoward.com