Authentication over SSL

Julien ÉLIE julien at trigofacile.com
Mon Sep 8 17:38:14 UTC 2008


Hi Russ,

>> Here, we want a parameter to tell whether AUTHINFO USER is allowed on an
>> unencrypted connection so the auth block will never match if the client
>> is not using SSL.  Thus, we will never know if he can use AUTHINFO USER.
>
> But if no auth blocks that accept passwords apply to the current
> connection, AUTHINFO USER is not available, yes?

The problem is that require_ssl: is seen *before* an auth block is assigned
so the behaviour of the current connection (that is to say whether AUTHINFO USER
is available) cannot be changed by it.  If a client is in such an auth block,
then necessarily he is using SSL.

auth "users" {
    hosts: "*"
    require_ssl: true
}

access "users" {
    users: "<all>"
    read: "*"
}

% telnet localhost 119
502 You have no permission to talk.  Goodbye!
Connection closed by foreign host.

No auth was assigned!  While I only wanted here not to be able to use AUTHINFO USER
if SSL was not used.

-- 
Julien ÉLIE

"The real danger is not when computers think like men,
  it is when men think like computers."
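
A simplified model of the two behaviours contrasted in the message above, added here as an example; it is not INN code and not part of the original post. The class and function names are hypothetical, "200" is assumed as the accepting greeting code, and host matching and block precedence are not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class AuthBlock:               # hypothetical stand-in for an auth "..." { } block
    name: str
    require_ssl: bool = False  # mirrors require_ssl: from the message

@dataclass
class Session:
    code: str                  # greeting code: "200" accepted, "502" refused
    block: Optional[str]       # name of the auth block assigned, if any
    authinfo_user: bool        # whether AUTHINFO USER would be offered

def assign_filtering(blocks: List[AuthBlock], tls: bool) -> Session:
    """Behaviour reported in the message: require_ssl is checked while
    choosing a block, so a cleartext client may end up with no block."""
    for b in blocks:
        if b.require_ssl and not tls:
            continue           # block skipped before it can be assigned
        return Session("200", b.name, True)
    return Session("502", None, False)

def assign_gating(blocks: List[AuthBlock], tls: bool) -> Session:
    """Behaviour the author asked for: the block is assigned either way and
    TLS only decides whether password authentication is offered."""
    for b in blocks:
        return Session("200", b.name, tls or not b.require_ssl)
    return Session("502", None, False)

def cleartext_locked_out(blocks: List[AuthBlock]) -> bool:
    """Config check: under filtering semantics, does every cleartext
    connection get refused outright?"""
    return assign_filtering(blocks, tls=False).code == "502"

if __name__ == "__main__":
    conf = [AuthBlock("users", require_ssl=True)]  # constructed from the example config
    for tls in (False, True):
        print("tls" if tls else "cleartext",
              assign_filtering(conf, tls), assign_gating(conf, tls))
    print("cleartext locked out:", cleartext_locked_out(conf))
```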


