Access control for reading.
Russ Allbery
rra at stanford.edu
Thu Feb 1 17:30:07 UTC 2001
Jeffrey M Vinocur <jeff at litech.org> writes:
> It's not clear, really, how to add support for checking users' unix
> group membership. The entry in TODO mentions adding code to ckpasswd,
> but what about usernames being retrieved via ident queries? It seems to
> me that in order to support groups properly (without using perlhooks)
> some nontrivial changes would have to be made to the readers.conf
> mechanism. (Either to assign each incoming connection a username _and_
> a group, or to be able to check group membership in access blocks
> somehow.)
> Any thoughts about this?
Depends on which way you think about it. The way I'd think about it is
that from the perspective of INN, if you're doing group-based access
restrictions, the group *is* the username. "User" is just a token that
INN uses to decide what access rule to apply, after all.
Viewed from that perspective, all I think you need is an option to
ckpasswd to return the user's group instead of their username and an
option to the ident resolver that does the same.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list