SASL support in INN 2.5.0

Julien ÉLIE julien at trigofacile.com
Sun Jun 28 17:38:43 UTC 2009


Hi Alexander,

>> The problem is that the user is *already* authenticated by SASL
>> when auth blocks are checked.
>> AUTHINFO SASL does not use nnrpd_auth.pl; it uses its own mechanism
>> and return success or failure.  Then, what would nnrpd_auth.pl do?
>
> Perform additional checks and possibly reject the login.

So basically, you wish to change how AUTHINFO SASL has been implemented.
I understand that you want AUTHINFO SASL to reject the authentication
if it fails and, in the case it is successful, to go on with possible
perl_auth: and python_auth: hooks.  Not with auth: I believe.
We could provide $attributes{'saslmech'} to show it has been successfully
matched by the given mechanism.


> I once experimented with authentication based on IP address and found
> it very limiting that you cannot stack "hosts:" and "perl_auth:".

Can't you use $attributes{'hostname'} and $attributes{'ipaddress'}
in perl_auth: for your checks?


> Having to edit readers.conf to close an account is really awkward.
> And simulating a rejected login through "perl_access:" feels silly.

Yet, perl_auth: has access to the same attributes as perl_access:
(+ password).

-- 
Julien ÉLIE

« -- Nous sommes acculés !
  -- Tant pis pour eux. » (Astérix) 




More information about the inn-workers mailing list