"Thor Spruyt" <thor.spruyt@telenet.be> wrote:
* post_proxy_authorize ... Huh... my current v1.0.1 production servers have this set to "yes" and probably a lot of other people still have this set to "yes", since that's the default.
That's OK.
Regularly the advice of "only change the defaults if needed" is given. Therfore, I wouldn't just delete this configuration parameter or funtionality, but just change the default, so that users don't use it anymore over time!
I'd say change both. I'd like to update the server core to allow more configurable calling of sections. So the "post-proxy-authorize" can morph into "when receiving a reply from a home server, use section foo, and call the modules authorize function for each module listed in that section" That kind of flexibility also allows you to automagically do different things based on packet reply code, in a more flexible way that the current "post-auth-type REJECT". Alan DeKok.