Auth/Access Question

Jeffrey M. Vinocur jeff at
Tue Aug 20 21:28:17 UTC 2002

On Mon, 19 Aug 2002, Russ Allbery wrote:

> Jeffrey M Vinocur <jeff at> writes:
> > - What if we add a flag to `ckpasswd [-s]` to, instead of returning an
> >   identity of "user", return "user at group"?  I don't see any problems 
> >   offhand working that nicely into the readers.conf model, actually,
> >   although I haven't thought hard.  Other people's thoughts on this?
> Works for me.  I vaguely remember someone else wanting something like that

Yup, I've been looking at that TODO item for a long time, but never came 
up with a clean way to do it.  I like the above, though.

Ok, essentially done (not tested yet, though).  One question on desired 
semantics:  if the -g flag is given, but group name can't be determined, 
what should we do?  I see three possibilities:

- die (logging an error message)
- return just the username, as if -g hadn't been given
- return "user@" with nothing after the @

In the first case we deny access entirely.  In the latter cases we leave 
it up to the readers.conf configuration.  I don't think there's much 
difference between the two cases (in the third you can do "*@" to catch 
people with this problem).  Any thoughts?

Jeffrey M. Vinocur
jeff at

More information about the inn-workers mailing list