Re: Enhancement patch for basic auth module: yp_auth

From: Henrik Nordstrom <>
Date: Sun, 12 Oct 2003 00:10:35 +0200 (CEST)

On 10 Oct 2003, Bruce Smith wrote:

> The patch basically does the following:
> 1) Nothing, unless you add additional parameters on the command line.
> Existing users of yp_auth will see no difference at all.
> 2) With additional command line parameters, it can check the existence
> of verified users in a NIS group. It can either accept or reject
> all users in the specified group.

Hmm.. this is really best done using a external_acl helper like the other
group lookups I think. Having a auth helper filter out what users are
considered to exists in the user database is a bit strange to me..
authorization is better done separate from authentication and allows for
a cleaner migration to more detailed authorization levels when required.

> This allows "exceptions" so you can prevent certain users from
> connecting, or you can only allow a list of users to connect.

So does having a NIS group helper..

Maybe the unix_group helper can do the job for you without any
modifications to yp_auth? I suspect it can.. (it should, if the server is
member of the NIS domain and what you are looing into is plain group

Received on Sat Oct 11 2003 - 16:10:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:44 MST