[inn-workers] innd 2.x LDAP authorization support
jsiegle at psu.edu
Mon Aug 25 18:51:48 UTC 2008
Here at Penn State, we use kerberos to authenticate users and ldap
for authorization information. I'm considering writing this type of
authorization procedure for nnrpd so that I don't need to write 8k
userids for the staff group, 90k for students, etc. I would rather
create a new token for readers.conf that implies an ldap group. For now,
I'll say the token is LDAP_GROUP.
I've been looking over innd 2.4.5 and 2.5 from snapshots. It doesn't
look this is on the roadmap.
I'm not sure of the procedure to do the work. Would it look like this?
1.) User logs in as abc123 at psu.edu via auth_krb5.c on port 563
2.) When the user selects a group that requires them to be in the ldap
group psu.test, psu.test is expanded to see if abc123 is in there and
therefore what access(readers.conf:access,read,post) is granted abc123.
or like this?
1.) User logs in as abc123 at psu.edu auth_krb5.c on port 563.
2.) On login, all ldap group information is stored by something and when
user selects a usenet group, the readers.conf file is used to determine
Thanks for your help,
More information about the inn-workers