http://bugzilla.spamassassin.org/show_bug.cgi?id=4109
Summary: spamc/spamd don't provide authentication via PF_UNIX
sockets
Product: Spamassassin
Version: 3.0.2
Platform: Other
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P5
Component: spamc/spamd
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
spamc/spamd allow for user authentication via RFC1413 ident within a trusted
cluster. There is currently no similar mechanism for local access via PF_UNIX
sockets.
Many UN*X-like OSs have mechanisms to identify the user connecting via PF_UNIX
socket. I've written a small patch for spamd that enables authentication via
sockopt(SO_PEERCRED) (see attachment). The patch mixes the SO_PEERCRED stuff
with another enhancement: --trusted-user <username> allows to specify a trusted
user that is permitted to set any other userid via spamd's User: header iff he
can be identified correctly before. Sorry for mixing the two, but it's still
small enough to understand, I think ;-)
The benefits from the two patches for me are
1) allows to run spamc from e.g. exim under its own trusted user id while
allowing to use -u ${local_part} to get individual user prefs and still use
--auth-ident
2) allows to run 1) without tcp/ident overhead when used locally
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
