authentification domains/realms/whatever

Jeffrey M.Vinocur jeff at
Sun Mar 6 21:54:08 UTC 2005

On Mar 6, 2005, at 1:26 PM, Christoph Biedl wrote:

> I'd like to use different ways of authentification based on something
> like a domain name in the user name of the AUTHINFO command.
> For example:
> "user at" -> check against radius using 
> bin/auth/passwd/radius
> "user"              -> ditto ("" is a default)
> "user at" -> check against a plain text list

You actually can't quite do this within readers.conf itself.  That is, 
inside an auth block (where you'd check against radius or a file or 
whatever), you can't examine the username.  In retrospect, that's 
probably a mistake given how reasonable your question is, but it can't 
be done as far as I can think of.   However, you've got three options:

1.  If you can distinguish groups of users by incoming IP address 
(e.g., all users from will be connecting from an IP that 
reverse-resolves to, then the above is 
straightforward using one auth block per group of users (with 
appropriate hosts: parameter).

2.  If there's no harm done to check some users against the wrong 
password databases, you can lump everything together in one auth block 
with multiple auth: parameters.  The caveat here is that if, say, users are authenticated using a RADIUS server under 
external control, you might not want to expose the authentication 
attempts of users to the RADIUS server.

3.  You can use one auth block with a perl_auth: or python_auth: 
parameter to call out to a script capable of doing more powerful 

Jeffrey M. Vinocur
jeff at

More information about the inn-workers mailing list