http://bugzilla.spamassassin.org/show_bug.cgi?id=4550
------- Additional Comments From [EMAIL PROTECTED] 2005-08-21 18:11 ------- Subject: Re: [RFE] Add secure user authentication to spamc/spamd protocol >------- Additional Comments From [EMAIL PROTECTED] 2005-08-21 18:01 ------- >What's involved in making something a plugin for spamd, as opposed to a >SpamAssassin plugin? Do we have any spamd plugins already? > > There are a couple of spamd plugin hooks now, no published plugins that make use of the hooks, but they are being used. Nothing extra involved to put the hook in spamd. >If we go with something very lightweight, such as adding a password >configuration option in user_prefs and spamc.conf and adding the password field >to the protocol, then I don't see how or why it would be done as a plugin. I >agree that if we do anything more, such as have a cryptographic secure >handshaking authentication protocol, that would be best in a plugin. > > It should be very easy for admins to create a plugin that will obtain the authentication information from their own, possibly custom, database. Then you just create the hooks and a basic plugin (this plugin can do perform the basic user_prefs config option password deal) and leave it up to the administrator to supply anything more complicated. That is the entire reason for plugins. FYI, there is actually a plugin hook that might be useful here, services_authorized_for_username. See the call in one of the BayesSQL modules for an example of how it is used. And, now that I think about it, given some spamd protocol header parsing foo and this plugin hook it would be trivial to add the basic, send a password in the header and check it against a value in a user_prefs file, solution. Michael ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
