Auth/Access Question
Jeffrey M. Vinocur
jeff at litech.org
Tue Aug 20 22:42:51 UTC 2002
On Tue, 20 Aug 2002, David R. Fischer wrote:
> This is what I was going to ask is how to handle multi-groups.
Oy.
Not with ckpasswd, I think. I had some other suggestions earlier, did you
read them?
> Also is this going into the nnrpd or as an outside module??
It's going into ckpasswd, which is called from readers.conf (the whole
point of readers.conf is to get flexibility without needing to modify
nnrpd itself, since that way the interface is stable and third parties
don't need to keep updating their patches).
> Would it be better served if a auth backend was integrated into the
> nnrpd instead of spawning out separate processes???
It's not like authentication is a tremendously frequent event. And this
way is a lot easier to work with.
> that way a perl, passwd, python,
The Perl and Python hooks are already in place. And no one's ever
complained about the time it takes to run `ckpasswd` for an incoming
connection (I expect it's insignificant against the other things that
occur when a new user connects, honestly).
> a db/ldap back-end could be written as a lib function. This could speed
> things up a bit, especially when using nscd for caching the integration
> of ldap into the NSLOOKUP/passwd file is about 10 fold.
Given that we spawn a new instance of nnrpd for every connection, there's
no way to share a cache between calls. Besides, rather than incorporating
that into every piece of software that's using LDAP, I'd think it would be
nicer to put the caching into the system somewhere so that all programs
can use it.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list