On Wednesday 05 July 2006 12:46, Sam Varshavchik wrote: > Roberto Polli writes: > > Alle 20:35, martedì 4 luglio 2006, hai scritto: > >> persuading MrSam that it should be done...Patches to pass the remote IP > >> address have been ... rejected in the past; > > > > do you know why that patch was rejected? > > Because I've yet to see a logical explanation why authlib needs to know > this. authlib's purpose is to verify account passwords. That's it. The > client's IP address is completely and totally irrelevant as far as the > answer to the following question: is the password valid?
True. BUT there then should be some kind of mechanism to limit/deny specific user based on IP address (and maybe some other criteria). Easiest way to acomplish this is to test IP address (and other stuff) at the same time when you test pass, it's logical. Else, there need to be impelemnted some other "daemon" (like authdaemon) which will again do lookups, but this time using all availible info - username, IP address, time, whatever. Specific problem can be this: you have yours POP server, and all users are connecting to it. BUT at some specific time (ie. from 16 till 08), one subset of yours users, which connect from specific ip address (ie. dialup), musn't be allowed to login . How you will accoplish this without some way to test username-ipaddress-time triple? H. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
