SASL support in INN 2.5.0
Julien ÉLIE
julien at trigofacile.com
Sun Jun 28 17:38:43 UTC 2009
Hi Alexander,
>> The problem is that the user is *already* authenticated by SASL
>> when auth blocks are checked.
>> AUTHINFO SASL does not use nnrpd_auth.pl; it uses its own mechanism
>> and return success or failure. Then, what would nnrpd_auth.pl do?
>
> Perform additional checks and possibly reject the login.
So basically, you wish to change how AUTHINFO SASL has been implemented.
I understand that you want AUTHINFO SASL to reject the authentication
if it fails and, in the case it is successful, to go on with possible
perl_auth: and python_auth: hooks. Not with auth: I believe.
We could provide $attributes{'saslmech'} to show it has been successfully
matched by the given mechanism.
> I once experimented with authentication based on IP address and found
> it very limiting that you cannot stack "hosts:" and "perl_auth:".
Can't you use $attributes{'hostname'} and $attributes{'ipaddress'}
in perl_auth: for your checks?
> Having to edit readers.conf to close an account is really awkward.
> And simulating a rejected login through "perl_access:" feels silly.
Yet, perl_auth: has access to the same attributes as perl_access:
(+ password).
--
Julien ÉLIE
« -- Nous sommes acculés !
-- Tant pis pour eux. » (Astérix)
More information about the inn-workers
mailing list