Update of /cvsroot/tmda/tmda-cgi/htdocs
In directory sc8-pr-cvs1:/tmp/cvs-serv2752
Modified Files:
index.ht index.html
Log Message:
Added explanations about new authentication schemes
Index: index.ht
===================================================================
RCS file: /cvsroot/tmda/tmda-cgi/htdocs/index.ht,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- index.ht 1 Apr 2003 04:03:35 -0000 1.1
+++ index.ht 1 Apr 2003 22:36:28 -0000 1.2
@@ -181,11 +181,12 @@
<li>The path to tmda-cgi's root directory</li>
<li>An optional path or "formula" to find the user <tt>config</tt>
files</li>
+ <li>The authentication mechanism (file / program / remote)
<li>The web path from the CGI to the <tt>display</tt> directory</li>
<li>Mode</li>
</ol>
<p>Finally, tmda-cgi requires a variety of visual elements to be saved in a
<tt>display</tt>
- directory (see #6, above). This directory comes with the tmda-cgi source and
+ directory (see #7, above). This directory comes with the tmda-cgi source and
will need to be manually copied or linked (make sure your web server is configured
to follow links!) into the appropriate web directory. Please note that #6 specifies
the relative <i>web path</i> from the CGI to the <tt>display</tt> directory,
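
Review bot: the second reference in this paragraph still reads "Please note that #6 specifies the relative web path", although the display directory item became #7 once the authentication item was inserted ahead of it; only the first "(see #6, above)" was updated. Change the second reference to #7 as well. The added "<li>The authentication mechanism (file / program / remote)" is also the only item in this list without a closing </li>.
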
@@ -387,16 +388,26 @@
<p>Use the <tt>./compile -h</tt> for more details on how to use compile.</p>
<hr>
<h2><a name="Pass"></a>Passwords</h2>
-<p>tmda-cgi currently authenticate logins against user name & password pairs
- stored in a password file (or files). tmda-cgi will look in two different places
- for password file(s), but it (they) must be readable by the CGI.</p>
+<p>tmda-cgi currently has three possible authentication mechanisms:</p>
+<ul>
+ <li><a href="#FileAuth">File authentication</a>
+ <li><a href="#ProgAuth">Program authentication</a> (checkpassword-style)
+ <li><a href="#RemtAuth">Remote authentication</a>
+</ul>
+<ol>
+ <li><a name="FileAuth"></a><b>File authentication:</b>
+ <p>This method authenticates logins against user name & password pairs
+ stored in a password file (or files). tmda-cgi will look either in the file
+ specified by the compile script, or in the default locations
+ for the password file, but this file must be readable by the CGI.</p>
<p>If you are running in system-wide mode, the password file can be owned by root.
If you are running in single-user mode, the password file can be owned by the
user who will be running the CGI. If you are running in no-su mode, the file
must either be owned by "nobody" (or whatever user your web server
- is configured to run as) or made globally readable See the table below for a
+ is configured to run as) or made globally readable. See the table below for a
better breakdown of your options.</p>
-<p>tmda-cgi first checks for a readable file called <tt>tmda-cgi</tt> in the same
+<p>The default password file location is obtained in the following manner:
+ tmda-cgi first checks for a readable file called <tt>tmda-cgi</tt> in the same
directory as the user's configuration file (if that location has been specified,
otherwise it will look in <tt>~user/.tmda/tmda-cgi</tt>). It then tries
<tt>/etc/tmda-cgi</tt>
if it can't find a match or cannot read the file. This allows the system
administrator
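
Review bot: the new File authentication paragraph says tmda-cgi looks "either in the file specified by the compile script, or in the default locations", which does not tell the administrator whether the defaults (~user/.tmda/tmda-cgi, then /etc/tmda-cgi) are still consulted once a file has been given to compile. State the precedence explicitly, because it determines which password file is able to grant a login. The three <li> entries in the added <ul> and the <li> that opens FileAuth are left unclosed, and "user name & password" should be written with &amp;.
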
@@ -501,6 +512,37 @@
permissions on your password file(s). To debug this, append a <tt>?debug=1</tt>
onto the end of your CGI URL. This will display some diagnostic information
if the login fails instead of simply saying "Wrong password. Try
again."</p>
+
+ <li><a name="ProgAuth"></a><b>Program Authentication</b>
+ <p><b>Warning: This is not heavily tested yet</b></p>
+ <p>tmda-cgi supports authentication by a checkpassword-style program
+ (see http://cr.yp.to/checkpwd/interface.html for a description of this
+ interface).</p>
+ <p>When specifying this method of authentication, it is also necessary to
+ specify the program that is run if the password is authenticated properly.
+ The default is "/usr/bin/true", but any program that eventually
+ returns "0" will do.</p>
+ <p>Some brief explanation may exist in the web server error log if this
+ authentication method fails</p>
+
+ <li><a name="RemtAuth"></a><b>Remote Authentication</b>
+ <p><b>Warning: This is barely tested. Imap may work...</b></p>
+ <p>tmda-cgi supports authentication by a remote host, using some common
+ existing protocols:</p>
+ <ul>
+ <li>imap
+ <li>imaps (secure SSL imap)
+ <li>apop
+ <li>pop3
+ <li>ldap (requires separately obtained python ldap library)
+ </ul>
+ <p>The authentication mechanism is specified as an URI in the regular URI
+ format: <tt>protocol://host.domain.com[:port][/ldap_domain]</tt> where
+ "protocol" must be from the list above, and the rest should be
+ self-explanatory.</p>
+ <p>Some brief explanation may exist in the web server error log if this
+ authentication method fails</p>
+</ol>
<hr>
<h2><a name="Virtual" id="Virtual"></a>Virtual users</h2>
<p>Although planned for future releases, there is no support for virtual users
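
Review bot: in the Remote Authentication protocol list only imaps is labelled secure, so the text gives the reader no guidance on whether the password is protected on its way to the remote host with imap, apop, pop3 or ldap. Add a sentence saying so for each protocol, or a recommendation on which to prefer when the host is not local. The URI description calls "[/ldap_domain]" self-explanatory without saying what it holds or which port is used when "[:port]" is omitted; one example URI per protocol would settle both. The two "authentication method fails" sentences are missing their closing period.
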
Index: index.html
===================================================================
RCS file: /cvsroot/tmda/tmda-cgi/htdocs/index.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- index.html 1 Apr 2003 04:03:35 -0000 1.1
+++ index.html 1 Apr 2003 22:36:28 -0000 1.2
@@ -1,7 +1,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!-- THIS PAGE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -->
-<!-- Mon Mar 31 22:02:41 2003 -->
+<!-- Tue Apr 1 16:13:27 2003 -->
<!-- USING HT2HTML 2.0 -->
<!-- SEE http://ht2html.sf.net -->
<!-- User-specified headers:
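
Review bot: the header comment in this hunk says the page is automatically generated with ht2html and must not be edited, yet index.html is committed next to its source index.ht, so every documentation change shows up twice in the diff and the timestamp line changes on each regeneration. Any correction to the text in the index.html hunks belongs in index.ht, with index.html regenerated from it; consider building the generated file at release time instead of versioning it.
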
@@ -366,11 +366,12 @@
<li>The path to tmda-cgi's root directory</li>
<li>An optional path or "formula" to find the user <tt>config</tt>
files</li>
+ <li>The authentication mechanism (file / program / remote)
<li>The web path from the CGI to the <tt>display</tt> directory</li>
<li>Mode</li>
</ol>
<p>Finally, tmda-cgi requires a variety of visual elements to be saved in a
<tt>display</tt>
- directory (see #6, above). This directory comes with the tmda-cgi source and
+ directory (see #7, above). This directory comes with the tmda-cgi source and
will need to be manually copied or linked (make sure your web server is configured
to follow links!) into the appropriate web directory. Please note that #6 specifies
the relative <i>web path</i> from the CGI to the <tt>display</tt> directory,
@@ -572,16 +573,26 @@
<p>Use the <tt>./compile -h</tt> for more details on how to use compile.</p>
<hr>
<h2><a name="Pass"></a>Passwords</h2>
-<p>tmda-cgi currently authenticate logins against user name & password pairs
- stored in a password file (or files). tmda-cgi will look in two different places
- for password file(s), but it (they) must be readable by the CGI.</p>
+<p>tmda-cgi currently has three possible authentication mechanisms:</p>
+<ul>
+ <li><a href="#FileAuth">File authentication</a>
+ <li><a href="#ProgAuth">Program authentication</a> (checkpassword-style)
+ <li><a href="#RemtAuth">Remote authentication</a>
+</ul>
+<ol>
+ <li><a name="FileAuth"></a><b>File authentication:</b>
+ <p>This method authenticates logins against user name & password pairs
+ stored in a password file (or files). tmda-cgi will look either in the file
+ specified by the compile script, or in the default locations
+ for the password file, but this file must be readable by the CGI.</p>
<p>If you are running in system-wide mode, the password file can be owned by root.
If you are running in single-user mode, the password file can be owned by the
user who will be running the CGI. If you are running in no-su mode, the file
must either be owned by "nobody" (or whatever user your web server
- is configured to run as) or made globally readable See the table below for a
+ is configured to run as) or made globally readable. See the table below for a
better breakdown of your options.</p>
-<p>tmda-cgi first checks for a readable file called <tt>tmda-cgi</tt> in the same
+<p>The default password file location is obtained in the following manner:
+ tmda-cgi first checks for a readable file called <tt>tmda-cgi</tt> in the same
directory as the user's configuration file (if that location has been specified,
otherwise it will look in <tt>~user/.tmda/tmda-cgi</tt>). It then tries
<tt>/etc/tmda-cgi</tt>
if it can't find a match or cannot read the file. This allows the system
administrator
@@ -686,6 +697,37 @@
permissions on your password file(s). To debug this, append a <tt>?debug=1</tt>
onto the end of your CGI URL. This will display some diagnostic information
if the login fails instead of simply saying "Wrong password. Try
again."</p>
+
+ <li><a name="ProgAuth"></a><b>Program Authentication</b>
+ <p><b>Warning: This is not heavily tested yet</b></p>
+ <p>tmda-cgi supports authentication by a checkpassword-style program
+ (see http://cr.yp.to/checkpwd/interface.html for a description of this
+ interface).</p>
+ <p>When specifying this method of authentication, it is also necessary to
+ specify the program that is run if the password is authenticated properly.
+ The default is "/usr/bin/true", but any program that eventually
+ returns "0" will do.</p>
+ <p>Some brief explanation may exist in the web server error log if this
+ authentication method fails</p>
+
+ <li><a name="RemtAuth"></a><b>Remote Authentication</b>
+ <p><b>Warning: This is barely tested. Imap may work...</b></p>
+ <p>tmda-cgi supports authentication by a remote host, using some common
+ existing protocols:</p>
+ <ul>
+ <li>imap
+ <li>imaps (secure SSL imap)
+ <li>apop
+ <li>pop3
+ <li>ldap (requires separately obtained python ldap library)
+ </ul>
+ <p>The authentication mechanism is specified as an URI in the regular URI
+ format: <tt>protocol://host.domain.com[:port][/ldap_domain]</tt> where
+ "protocol" must be from the list above, and the rest should be
+ self-explanatory.</p>
+ <p>Some brief explanation may exist in the web server error log if this
+ authentication method fails</p>
+</ol>
<hr>
<h2><a name="Virtual" id="Virtual"></a>Virtual users</h2>
<p>Although planned for future releases, there is no support for virtual users