Authentication over SSL
Julien ÉLIE
julien at trigofacile.com
Mon Sep 8 17:38:14 UTC 2008
Hi Russ,
>> Here, we want a parameter to tell whether AUTHINFO USER is allowed on an
>> unencrypted connection so the auth block will never match if the client
>> is not using SSL. Thus, we will never know if he can use AUTHINFO USER.
>
> But if no auth blocks that accept passwords apply to the current
> connection, AUTHINFO USER is not available, yes?
The problem is that require_ssl: is seen *before* an auth block is assigned
so the behaviour of the current connection (that is to say whether AUTHINFO USER
is available) cannot be changed by it. If a client is in such an auth block,
then necessarily he is using SSL.
auth "users" {
    hosts: "*"
    require_ssl: true
}
access "users" {
    users: "<all>"
    read: "*"
}
% telnet localhost 119
502 You have no permission to talk. Goodbye!
Connection closed by foreign host.
No auth was assigned! While I only wanted here not to be able to use AUTHINFO USER
if SSL was not used.
--
Julien ÉLIE
"The real danger is not when computers think like men,
it is when men think like computers."
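
The matching order described in the message above, as a small model added here (it is not part of the original post and is not INN code). The AuthBlock class, the accepts_passwords flag (standing in for an auth block that accepts passwords), the SPLIT layout and the "accepted ..." summary string are assumptions made for illustration; "last matching auth block wins" follows the readers.conf documentation.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List, Optional


@dataclass
class AuthBlock:
    name: str
    hosts: str = "*"
    require_ssl: bool = False
    accepts_passwords: bool = False  # assumption: block has a password authenticator


def select_block(blocks: List[AuthBlock], host: str, ssl: bool) -> Optional[AuthBlock]:
    """Return the last block that matches the connection, or None."""
    chosen = None
    for block in blocks:
        if not fnmatch(host, block.hosts):
            continue
        # require_ssl is a match condition, checked before any block is
        # assigned: a cleartext client never lands in such a block.
        if block.require_ssl and not ssl:
            continue
        chosen = block
    return chosen


def connect(blocks: List[AuthBlock], host: str, ssl: bool) -> str:
    """Summarise what the client sees when it connects."""
    block = select_block(blocks, host, ssl)
    if block is None:
        # Reply text taken from the telnet session in the message.
        return "502 You have no permission to talk. Goodbye!"
    authinfo = "yes" if block.accepts_passwords else "no"
    return f"accepted block={block.name} authinfo_user={authinfo}"


# The single auth block from the message.
POSTED = [AuthBlock("users", hosts="*", require_ssl=True)]

# Hypothetical layout inside this model only: a cleartext fallback block
# without passwords, followed by an SSL-only block that accepts them.
SPLIT = [
    AuthBlock("plain", hosts="*"),
    AuthBlock("users", hosts="*", require_ssl=True, accepts_passwords=True),
]

if __name__ == "__main__":
    for layout in (POSTED, SPLIT):
        for ssl in (False, True):
            print(ssl, connect(layout, "127.0.0.1", ssl))
```

With POSTED, the cleartext connection matches no block and is refused outright, which is the 502 shown in the telnet session; with SPLIT, the model keeps the cleartext client connected but without password authentication.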