Hashing of usernames in syslog
Jeffrey M. Vinocur
jeff at litech.org
Sun Sep 29 21:37:22 UTC 2002
On Sun, 29 Sep 2002, Erik Klavon wrote:
> On Sat, Sep 28, 2002 at 04:38:31PM -0700, Russ Allbery wrote:
> > You can map all valid users to the same
> > identity in either readers.conf or in your authentication program.
>
> I'm not sure how to achieve this and still authenticate users with the
> new perl hooks. I assume that you are referring here to the default:
> parameter. My understanding from the code is that if I include a
> default: parameter in the auth group, then if that auth group is
> reached it will match the client. No authentication will take place
> since the identity of the client is known.
Oh no, certainly not. First the connection is matched using hosts: and
res: or auth:, and then if it matches, the identity is assigned from what
the resolver or authenticator returned; the defaults are used only for
username and or domainname part (as necessary).
> As for setting the identity in the authentication program, I'm not sure
> how to do this.
The authenticator (the program in ~news/bin/auth/ you're using) can return
a username (possibly with domain) by printing a string like "User:%s\n" or
"User:%s@%s\n" on stdout.
(I don't see any reason you couldn't put the hashing in your
authenticator.)
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list