SASL support in INN 2.5.0

Alexander Bartolich alexander.bartolich at gmx.at
Sun Jun 28 19:11:09 UTC 2009


Julien ÉLIE wrote:
> [...]
> So basically, you wish to change how AUTHINFO SASL has been implemented.
> I understand that you want AUTHINFO SASL to reject the authentication
> if it fails and, in the case it is successful, to go on with possible
> perl_auth: and python_auth: hooks.  Not with auth: I believe.
> We could provide $attributes{'saslmech'} to show it has been successfully
> matched by the given mechanism.

That's one way to do it.

> [...]
> Can't you use $attributes{'hostname'} and $attributes{'ipaddress'}
> in perl_auth: for your checks?

AFAIK there is no way for perl_auth to first check the IP address
and then request username/password. Perhaps INN could call a separate
Perl function to determine whether username/password is required at
all.

>> Having to edit readers.conf to close an account is really awkward.
>> And simulating a rejected login through "perl_access:" feels silly.
> 
> Yet, perl_auth: has access to the same attributes as perl_access:
> (+ password).

Yet another way would be to give perl_access the possibility to
close the session.

Ciao

     Alexander.



More information about the inn-workers mailing list