On Wed, Jul 05, 2006 at 03:23:39PM +0100, Brian Candler wrote: > Yes, but there are reasons for applying access control policy based on both > IP address and user identity, and passing the IP down to the authentication > layer would be a simple way of achieving this. Otherwise a separate > authorisation layer would be needed.
Also: you may wish to modify policy based on the TCPLOCALIP. For example, when you are merging ISPs, you can set up a single POP3 server with several local IPs, to act on behalf of the old servers. Actually, what would be quite useful here is a username mangling hook. DEFDOMAIN/DOMAINSEP provides the most commonly needed functionality, and I implemented this in preference to passing down the TCPLOCALIP, but more generic mangling could be done either prior to calling the auth module, or within the auth module. Regards, Brian. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
