Auth/Access Question

Jeffrey M. Vinocur jeff at
Tue Aug 20 22:42:51 UTC 2002

On Tue, 20 Aug 2002, David R. Fischer wrote:

> What I was going to ask is how to handle multi-groups.

Not with ckpasswd, I think.  I had some other suggestions earlier, did you 
read them?

> Also is this going into the nnrpd or as an outside module??

It's going into ckpasswd, which is called from readers.conf (the whole 
point of readers.conf is to get flexibility without needing to modify 
nnrpd itself, since that way the interface is stable and third parties 
don't need to keep updating their patches).

> Would it be better served if an auth backend was integrated into the
> nnrpd instead of spawning out separate processes??? 

It's not like authentication is a tremendously frequent event.  And this 
way is a lot easier to work with.

> that way a perl, passwd, python, 

The Perl and Python hooks are already in place.  And no one's ever 
complained about the time it takes to run `ckpasswd` for an incoming 
connection (I expect it's insignificant against the other things that 
occur when a new user connects, honestly).

> a db/ldap back-end could be written as a lib function. This could speed
> things up a bit, especially when using nscd for caching the integration
> of ldap into the NSLOOKUP/passwd file is about 10 fold.

Given that we spawn a new instance of nnrpd for every connection, there's 
no way to share a cache between calls.  Besides, rather than incorporating 
that into every piece of software that's using LDAP, I'd think it would be 
nicer to put the caching into the system somewhere so that all programs 
can use it.

Jeffrey M. Vinocur
jeff at
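
An added example, not part of the original message or of INN's code: a minimal external authenticator of the kind readers.conf can run in place of ckpasswd. It assumes the interface in which nnrpd writes "Key: value" lines (including ClientAuthname and ClientPassword) to the program's stdin and expects "User:<name>" on stdout with exit status 0 on success. The user table, salt and PBKDF2 hashing are constructed stand-ins for a real password store.

```python
import hashlib
import hmac
import sys

def hash_password(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256; an assumed stand-in for the hashes ckpasswd checks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def parse_request(text: str) -> dict:
    """Parse the 'Key: value' lines written to the authenticator's stdin."""
    fields = {}
    for line in text.splitlines():      # splitlines() also handles CRLF endings
        if line == ".":                 # a lone dot ends the request
            break
        key, sep, value = line.partition(": ")
        if sep:
            fields[key] = value
    return fields

def authenticate(text: str, users: dict):
    """Return the 'User:<name>' reply line on success, None on failure."""
    fields = parse_request(text)
    name = fields.get("ClientAuthname", "")
    password = fields.get("ClientPassword", "")
    salt, stored = users.get(name, (b"\0" * 16, ""))
    # Hash and compare even for unknown users so both paths cost the same.
    candidate = hash_password(password, salt)
    if name in users and hmac.compare_digest(candidate, stored):
        return f"User:{name}"
    return None

# Constructed sample user table: name -> (salt, hash).
SALT = b"constructed-salt"
USERS = {"alice": (SALT, hash_password("correct horse", SALT))}

if __name__ == "__main__":
    reply = authenticate(sys.stdin.read(), USERS)
    if reply is None:
        sys.exit(1)                     # non-zero exit: authentication failed
    print(reply)
```

Because the program sees only stdin and reports only through stdout and its exit status, the backend behind it can change without any change to nnrpd.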
