Towards 2.3...

Aidan Cully aidan at panix.com
Thu Mar 30 02:11:49 UTC 2000


On Wed, Mar 29, 2000 at 08:13:51PM, Brandon Hume said:
> > chance.  Can you give some more specifics on what parts need to be
> > improved?
> 
> >From my little playing with it, I'd say what confused me most was
> understanding the associations between access and auth realms, and the means
> by which they were bound to one another.  
> 
> ie: There seem to be multiple means of association... "default"/"users" and
> the "key" keywords.  I've gotten the impression that "key" is essential, yet 
> my current, working readers.conf doesn't contain a single instance of it.
> Which has precedence?  What happens when they conflict?

"key" is NOT essential...  If you never use the "key"word, you probably
won't notice its absence.  If you *do* use it, any user that succesfully
authenticates by an "auth" realm using a particular key can *not* have
his access configured by an "access" realm with a different key.  At the
same time, any user succesfully authenticated by an "auth" realm without
a key will not have his access set by an "access" realm with a key.  If
you want to think of it in terms of precedence, "key" has precedence over
all other bindings.

auth:/resolve: keywords run an external program in response to a password,
or initial connection, respectively.  This external program WILL return a
username, or some other access identity to INN, on succesful
authentication.  This access identity is checked against the "users"
string in an "access" realm.  default: provides an access identity to use
when all other attempts to resolve/authenticate the remote username fail.

Hope this is clear...
--aidan
-- 
Aidan Cully       "I'd rather have a bottle in front of me than a frontal
Not Panix Staff    lobotomy."
aidan at panix.com        --Dorothy Parker



More information about the inn-workers mailing list