Discussion about Cancel-Lock support

Russ Allbery eagle at eyrie.org
Sun Sep 19 15:37:18 UTC 2021


Julien ÉLIE <julien at trigofacile.com> writes:

>> I'm not sure that I understand the difference between canlockuser and
>> extracanlockuser.  They both result in sending a hash, and they are
>> both valid for verifying hashes, correct?  If that's the case, it may
>> be simpler to remove the extra* parameters and just make the values
>> lists.

> The idea behind was to send a hash only for canlock* and verify hashes
> for both canlock* and extra* but I agree it is a bit complex and
> confusing.  During key rotation, we can still go on send both hashes,
> and verify both hashes, then at one time remove the old password.  Looks
> like simpler indeed, with canlock* lists.

Oh, I see.  In that case, maybe change extracanlockuser to
canlockverifyuser?  That makes it clearer the extra user is for
verification only.

> Yep.
> So in a nutshell the best design would be an inn.conf parameter:
> secretsfile: <pathetc>/secrets.conf

> With secrets.conf like:

> cancels {
>   canlockuser: [ password ]
>   canlockadmin: [ password anotherpassword ]
> }

> # And other groups to come when merging other secrets.

Yeah, that would work.  I'm not sure the extra configuration of specifying
a path to the file is needed, but I guess since it contains secrets maybe
that would be useful.

-- 
Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <https://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list