Hashing of usernames in syslog

Jeffrey M. Vinocur jeff at litech.org
Sun Sep 29 21:37:22 UTC 2002


On Sun, 29 Sep 2002, Erik Klavon wrote:

> On Sat, Sep 28, 2002 at 04:38:31PM -0700, Russ Allbery wrote:
> > You can map all valid users to the same
> > identity in either readers.conf or in your authentication program.
> 
> I'm not sure how to achieve this and still authenticate users with the
> new perl hooks. I assume that you are referring here to the default:
> parameter. My understanding from the code is that if I include a
> default: parameter in the auth group, then if that auth group is
> reached it will match the client. No authentication will take place
> since the identity of the client is known. 

Oh no, certainly not.  First the connection is matched using hosts: and
res: or auth:, and then if it matches, the identity is assigned from what 
the resolver or authenticator returned; the defaults are used only for 
username and or domainname part (as necessary).


> As for setting the identity in the authentication program, I'm not sure
> how to do this. 

The authenticator (the program in ~news/bin/auth/ you're using) can return 
a username (possibly with domain) by printing a string like "User:%s\n" or 
"User:%s@%s\n" on stdout.

(I don't see any reason you couldn't put the hashing in your 
authenticator.)

-- 
Jeffrey M. Vinocur
jeff at litech.org



More information about the inn-workers mailing list