Alle 23:09, mercoledì 5 luglio 2006, Sam Varshavchik ha scritto:
> Roberto Polli writes:
> > if so, which part of courier-imap can take care about things like
> > checking if the "(authenticated) user is allowed"?
> The question is really rephrased: is this
> userid/password combination valid? Bu
On Thu, Jul 06, 2006 at 08:52:56AM +0100, Brian Candler wrote:
> Courier inherits the qmail model of "lots of small bits which can be fitted
> together in new and interesting ways"; and "drive things by environment
> variables, so if you change an environment variable in one module, it can
> contro
On Wed, Jul 05, 2006 at 05:08:42PM -0400, Sam Varshavchik wrote:
> >BUT there then should be some kind of mechanism to limit/deny specific
> >user based on IP address (and maybe some other criteria).
>
> If you start chasing every kind of marginal situation that someone dreams
> up, thing will q
On Wednesday 05 July 2006 23:08, Sam Varshavchik wrote:
> Hrvoje Habjanić writes:
> > On Wednesday 05 July 2006 12:46, Sam Varshavchik wrote:
[...]
> >> Because I've yet to see a logical explanation why authlib needs to know
> >> this. authlib's purpose is to verify account passwords. That's it.
Roberto Polli writes:
authlib's purpose is to verify account passwords. That's it.
ok, do you think that the following statements are out of the authlib's
purpose/capability:
- variables of authldaprc could be changed dynamically
- authlib can return a special error code such as "user not all
Hrvoje Habjanić writes:
On Wednesday 05 July 2006 12:46, Sam Varshavchik wrote:
Roberto Polli writes:
> Alle 20:35, martedì 4 luglio 2006, hai scritto:
>> persuading MrSam that it should be done...Patches to pass the remote IP
>> address have been ... rejected in the past;
>
> do you know why t
On Wed, Jul 05, 2006 at 06:46:49AM -0400, Sam Varshavchik wrote:
> Because I've yet to see a logical explanation why authlib needs to know
> this. authlib's purpose is to verify account passwords. That's it. The
> client's IP address is completely and totally irrelevant as far as the
> answer
On Wed, Jul 05, 2006 at 03:23:39PM +0100, Brian Candler wrote:
> Yes, but there are reasons for applying access control policy based on both
> IP address and user identity, and passing the IP down to the authentication
> layer would be a simple way of achieving this. Otherwise a separate
> authoris
Above all,
thank you Sam for your answer!
Alle 12:46, mercoledì 5 luglio 2006, Sam Varshavchik ha scritto:
> >> Patches to pass the remote IP address have been ... rejected in the past;
> Because I've yet to see a logical explanation why authlib needs to know
> this.
it's correct to divide the aut
On Wednesday 05 July 2006 12:46, Sam Varshavchik wrote:
> Roberto Polli writes:
> > Alle 20:35, martedì 4 luglio 2006, hai scritto:
> >> persuading MrSam that it should be done...Patches to pass the remote IP
> >> address have been ... rejected in the past;
> >
> > do you know why that patch was re
Roberto Polli writes:
Alle 20:35, martedì 4 luglio 2006, hai scritto:
persuading MrSam that it should be done...Patches to pass the remote IP
address have been ... rejected in the past;
do you know why that patch was rejected?
Because I've yet to see a logical explanation why authlib needs
On Tue, Jul 04, 2006 at 04:29:24PM +0200, Roberto Polli wrote:
> > (which could include
> > TCPREMOTEIP); that could be a fairly major shakeup though.
> shortly:
> can that protocol be changed?
> if so, can that protocol be changed in the way I do?
> or, which is the best way to do this?
Well, cl
Alle 22:41, lunedì 3 luglio 2006, hai scritto:
> There's an argument for changing the client->authdaemon protocol to be able
> to pass arbitary environment variable settings
this is almost what I did in my patch (limited to the LDAP_FILTER variable,
but if it could be useful to any other person,
On Mon, Jul 03, 2006 at 11:55:38AM +0200, Roberto Polli wrote:
> Alle 23:12, sabato 1 luglio 2006, Brian Candler ha scritto:
> > If you want to implement ... complex logic, though, it's quite
> > easily done in the existing courier-authlib using authpipe.
> so, is it possibile to pass to authpipe t
Hi all,
Alle 23:12, sabato 1 luglio 2006, Brian Candler ha scritto:
> If you want to implement ... complex logic, though, it's quite
> easily done in the existing courier-authlib using authpipe.
so, is it possibile to pass to authpipe the ip address of the mail client?
Thanks, Rob
--
Roberto P
Brian Candler skrev:
> On Sun, Jul 02, 2006 at 11:17:36AM +0200, Tony Earnshaw wrote:
>> I call a failover server a physical server in sync with a master that
>> will automatically take over from the master if the master should fail
>> in any sense, physically or programmatically. Clustered serv
On Sun, Jul 02, 2006 at 08:30:40PM +0100, Brian Candler wrote:
> (However, does authldap log the filter string it has built, before trying to
> send it to the server? If not, it would be a good thing for it to do)
I think it does: in authldaplib.c I see
DPRINTF("using search filter: %s",
On Sun, Jul 02, 2006 at 11:17:36AM +0200, Tony Earnshaw wrote:
> I call a failover server a physical server in sync with a master that
> will automatically take over from the master if the master should fail
> in any sense, physically or programmatically. Clustered servers would be
> an example.
Brian Candler skrev:
> On Sat, Jul 01, 2006 at 04:39:49PM +0200, Tony Earnshaw wrote:
>> What all of us with master/slave dbase (we're using OpenLDAP 2.3) need
>> from the absolutely retrograde[1] Courier authlib LDAP basis, is
>> fallback support. At the moment (Sam knows this well enough) Courie
On Sat, Jul 01, 2006 at 04:39:49PM +0200, Tony Earnshaw wrote:
> What all of us with master/slave dbase (we're using OpenLDAP 2.3) need
> from the absolutely retrograde[1] Courier authlib LDAP basis, is
> fallback support. At the moment (Sam knows this well enough) Courier
> (vs. Samba, pam_ldap, t
Roberto Polli skrev:
Hi, Roberto,
> I made a patch for courier-imap. now I'm able to modify the LDAP_FILTER
> on a per-ip basis.
Great, you need it, but personally I don't.
What all of us with master/slave dbase (we're using OpenLDAP 2.3) need
from the absolutely retrograde[1] Courier authli
Hi everybody,
I made a patch for courier-imap. now I'm able to modify the LDAP_FILTER
on a per-ip basis.
shortly what I did is
- setenv(LDAP_FILTER) in imapd thru couriertcpd "-access" directive
- passing LDAP_FILTER in the auth string between imapd and authdaemond
- setenv(LDAP_FILTER)
22 matches
Mail list logo