Mercurial > prosody-modules
annotate mod_authz_delegate/README.md @ 5289:308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Wed, 29 Mar 2023 17:21:45 +0200 |
| parents | |
| children |
| rev | line source |
|---|---|
|
5289
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
1 --- |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
2 summary: Authorization delegation |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
3 rockspec: {} |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
4 ... |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
5 |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
6 This module allows delegating authorization questions (role assignment and |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
7 role policies) to another host within prosody. |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
8 |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
9 The primary use of this is for a group of virtual hosts to use a common |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
10 authorization database, for example to allow a MUC component to grant |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
11 administrative access to an admin on a corresponding user virtual host. |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
12 |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
13 ## Configuration |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
14 |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
15 The following example will make all role assignments for local and remote JIDs |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
16 from domain.example effective on groups.domain.example: |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
17 |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
18 ``` |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
19 VirtualHost "domain.example" |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
20 |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
21 Component "groups.domain.example" "muc" |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
22 authorization = "delegate" |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
23 authz_delegate_to = "domain.example" |
|
308024be6d6f
mod_authz_delegate: introduce module to "link" authorization of hosts
Jonas Schäfer <jonas@wielicki.name>
parents:
diff
changeset
|
24 ``` |