Re: https authorisation server?

To: Jeremy Ardley <jeremy@ardley.org>
Cc: debian-user@lists.debian.org
Subject: Re: https authorisation server?
From: Dan Ritter <dsr@randomstring.org>
Date: Wed, 16 Mar 2022 07:14:13 -0400
Message-id: <[🔎] 20220316111413.wwdgcvjxzhduz3v3@randomstring.org>
In-reply-to: <[🔎] bd0aa7af-7621-f5c4-67d8-d5b1a6ae90cc@ardley.org>
References: <[🔎] bd0aa7af-7621-f5c4-67d8-d5b1a6ae90cc@ardley.org>

Jeremy Ardley wrote: 
> I'm working on providing an imap proxy on my LAN gateway and it seems nginx
> module ngx_mail will do the job nicely.
> 
> The problem is the module mandates an http authorisation server.
> 
> Ideally I would run the authorisation server on my internal mail machine and
> it would use PAM or suchlike to look up mail usernames and passwords rather
> than me having to maintain separate user/password files.
> 
> What candidates are there for a standalone https authorisation server? Or a
> plug in module for an nginx instance running on the internal mail server?

The nginx wiki has a sample auth.php:

https://www.nginx.com/resources/wiki/start/topics/examples/imapauthenticatewithapachephpscript/

It has a function, auth_user, which is currently set to return
true. This is acceptable for your case, because the actual IMAP
server is going to demand its own authentication, the way you do
now (presumably). If that's dovecot, PAM is normal for it.

The real use of this call, as far as I can tell, is to
distribute users among multiple IMAP servers as backends -
either by domain or by, say, a hash of their username.

-dsr-

Reply to:

References:
- https authorisation server?
  - From: Jeremy Ardley <jeremy@ardley.org>

Prev by Date: Re: Archiving content of a directory on a DVD-R.
Next by Date: Re: Wayland vs X
Previous by thread: https authorisation server?
Next by thread: xfce suspend not working
Index(es):
- Date
- Thread