Article delegate-en/4432 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4431@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: multiple configurations
13 Apr 2009 10:57:10 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4431@delegate-en.ML_> on 04/13/09(11:43:13) I wrote:
 | |LDAP directly), but so far I haven't been able to find out how to handle 
 | |whitelists in DeleGate; moreover, I don't know how to combine the rules to 
 | |enforce the "right" priority.
 |
 |I'm not so sure about your requirment but it could be realized with
 |an AUTHORIZER parameter like this:
 |
 |  AUTHORIZER="-pam/password,-pam/ldap,-list{u1:p1,u2:p2,...}"

I'm not sure how your "whitelist" is constructed, but if it is
a list of clients hosts or so, it might be represented as
  AUTHORIZER="authServList:*:*:!whiteList" with
  HOSTLIST="whiteList:host1,host2,..."
Or it might be as (I'm not sure this works as is)
  AUTHORIZER="-pam(pampasswd),-pam/ldap(pamldap),-none" with
  RELIABLE="-a/pampasswd,-a/pamldap,whiteList"

And in DeleGate/9.9.3-pre3, tentatively I introduced new pseudo
authentication server named "-hostlist" which ignores authentication info.
and just test the host info. of the client to be used as follows:

  AUTHORIZER="-pam/passwd,-pam/ldap,-hostlist/whiteList"
  HOSTLIST="whiteList:host1,host2,*.domain1,..."

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V