Auth/Access Question
Jeffrey M. Vinocur
jeff at litech.org
Tue Aug 20 21:28:17 UTC 2002
On Mon, 19 Aug 2002, Russ Allbery wrote:
> Jeffrey M Vinocur <jeff at litech.org> writes:
>
> > - What if we add a flag to `ckpasswd [-s]` to, instead of returning an
> > identity of "user", return "user at group"? I don't see any problems
> > offhand working that nicely into the readers.conf model, actually,
> > although I haven't thought hard. Other people's thoughts on this?
>
> Works for me. I vaguely remember someone else wanting something like that
Yup, I've been looking at that TODO item for a long time, but never came
up with a clean way to do it. I like the above, though.
Ok, essentially done (not tested yet, though). One question on desired
semantics: if the -g flag is given, but group name can't be determined,
what should we do? I see three possibilities:
- die (logging an error message)
- return just the username, as if -g hadn't been given
- return "user@" with nothing after the @
In the first case we deny access entirely. In the latter cases we leave
it up to the readers.conf configuration. I don't think there's much
difference between the two cases (in the third you can do "*@" to catch
people with this problem). Any thoughts?
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list