On Tue, Dec 14, 2010 at 07:10:01AM -0500, Wietse Venema wrote:
> > but I can't find an access table that is indexed by sasl userid.
> >
> > Is there a way to do this without a policy server?
>
> It would take very little code to add a check_sasluser_access
> feature (this would do only exact match - no substring magic such
> as parent domain or network subnet). But my own time is very limited.
The problem is that the SASL user name may well contain white-space,
and postmap(1) cannot create indexed tables with keys that contain
white-space. You could create the tables with other tools, but then
you can't update the files "in place", you have to create a temporary
indexed file and rename(2) it into place. This would work with CDB
and Berkeley DB, but not with traditional "dbm" files, since you
can't atomically rename two files.
I am not sure that encoding the lookup key (quoted-printable?, xtext?,
RFC 2047 if necessary?) is a particularly attractive option.
--
Viktor.
