[inn-workers] innd 2.x LDAP authorization support

Jonathan Siegle jsiegle at psu.edu
Mon Aug 25 18:51:48 UTC 2008


Greetings,
Here at Penn State, we use Kerberos to authenticate users and LDAP 
for authorization information. I'm considering writing this type of 
authorization procedure for nnrpd so that I don't need to write 8k 
userids for the staff group, 90k for students, etc. I would rather 
create a new token for readers.conf that implies an LDAP group. For now, 
I'll say the token is LDAP_GROUP.

I've been looking over innd 2.4.5 and 2.5 from snapshots. It doesn't 
look like this is on the roadmap.

I'm not sure of the procedure to do the work. Would it look like this?

1.) User logs in as abc123 at psu.edu via auth_krb5.c on port 563.
2.) When the user selects a group that requires them to be in the LDAP 
group psu.test, psu.test is expanded to see if abc123 is in there and 
therefore what access (readers.conf:access,read,post) is granted abc123.


or like this?

1.) User logs in as abc123 at psu.edu via auth_krb5.c on port 563.
2.) On login, all LDAP group information is stored by something and when 
the user selects a usenet group, the readers.conf file is used to determine 
access (ACCESS/read/post).



Thanks for your help,
Jonathan Siegle
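
The two flows sketched in the message above, modelled side by side as an added example (not code from INN or from the post's author). It shows the trade-off between them: the per-selection lookup sees a membership revocation at once but queries the directory on every selection, while the login snapshot queries once and keeps the old rights until the session ends. Assumptions: the in-memory directory, the policy table, the newsgroup names, the user xyz789 and the group psu.students are constructed, the LDAP_GROUP behaviour is hypothetical, and `fnmatch` stands in for INN's wildmat matching.

```python
from fnmatch import fnmatchcase

# Constructed policy standing in for readers.conf access blocks that carry the
# proposed (hypothetical) LDAP_GROUP token: (newsgroup pattern, LDAP group, rights).
POLICY = [
    ("psu.test.*", "psu.test", {"read", "post"}),
    ("psu.announce", "psu.students", {"read"}),
]

class Directory:
    """In-memory stand-in for the LDAP server; counts lookups."""
    def __init__(self, groups):
        self.groups = {g: set(m) for g, m in groups.items()}
        self.queries = 0
    def is_member(self, user, group):
        self.queries += 1
        return user in self.groups.get(group, set())
    def groups_of(self, user):
        self.queries += 1
        return {g for g, m in self.groups.items() if user in m}

def rights(newsgroup, in_group):
    """Union of rights from every policy entry whose LDAP group test passes."""
    granted = set()
    for pattern, ldap_group, perms in POLICY:
        if fnmatchcase(newsgroup, pattern) and in_group(ldap_group):
            granted |= perms
    return granted

class PerSelectSession:
    """Flow 1: expand the LDAP group each time a newsgroup is selected."""
    def __init__(self, directory, user):
        self.directory, self.user = directory, user
    def select(self, newsgroup):
        return rights(newsgroup, lambda g: self.directory.is_member(self.user, g))

class LoginSnapshotSession:
    """Flow 2: fetch all memberships once at login, reuse them for the session."""
    def __init__(self, directory, user):
        self.memberships = directory.groups_of(user)
    def select(self, newsgroup):
        return rights(newsgroup, lambda g: g in self.memberships)

def demo():
    d = Directory({"psu.test": {"abc123"}, "psu.students": {"abc123", "xyz789"}})
    lazy, snap = PerSelectSession(d, "abc123"), LoginSnapshotSession(d, "abc123")
    before = (lazy.select("psu.test.misc"), snap.select("psu.test.misc"))
    d.groups["psu.test"].discard("abc123")  # membership revoked mid-session
    after = (lazy.select("psu.test.misc"), snap.select("psu.test.misc"))
    return before, after, d.queries
```

If the snapshot flow is chosen, bounding the session lifetime or refreshing the snapshot periodically limits how long revoked rights persist.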


