Discussion about Cancel-Lock support
Russ Allbery
eagle at eyrie.org
Sun Sep 19 15:37:18 UTC 2021
Julien ÉLIE <julien at trigofacile.com> writes:
>> I'm not sure that I understand the difference between canlockuser and
>> extracanlockuser. They both result in sending a hash, and they are
>> both valid for verifying hashes, correct? If that's the case, it may
>> be simpler to remove the extra* parameters and just make the values
>> lists.
> The idea behind was to send a hash only for canlock* and verify hashes
> for both canlock* and extra* but I agree it is a bit complex and
> confusing. During key rotation, we can still go on send both hashes,
> and verify both hashes, then at one time remove the old password. Looks
> like simpler indeed, with canlock* lists.
Oh, I see. In that case, maybe change extracanlockuser to
canlockverifyuser? That makes it clearer the extra user is for
verification only.
> Yep.
> So in a nutshell the best design would be an inn.conf parameter:
> secretsfile: <pathetc>/secrets.conf
> With secrets.conf like:
> cancels {
> canlockuser: [ password ]
> canlockadmin: [ password anotherpassword ]
> }
> # And other groups to come when merging other secrets.
Yeah, that would work. I'm not sure the extra configuration of specifying
a path to the file is needed, but I guess since it contains secrets maybe
that would be useful.
--
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list