Mercurial > prosody-modules
diff mod_auth_external/README.wiki @ 1782:29f3d6b7ad16
Import wiki pages
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 24 Aug 2015 16:43:56 +0200 |
parents | |
children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_auth_external/README.wiki Mon Aug 24 16:43:56 2015 +0200 @@ -0,0 +1,85 @@ +#summary Authentication via external script/process +#labels Stage-Alpha,Type-Auth + += Introduction = + +Allow client authentication to be handled by an external script/process. + += Installation = + +mod_auth_external depends on a Lua module called [http://www.tset.de/lpty/ lpty]. You can install it on many platforms using [http://luarocks.org/ LuaRocks], for example: + +{{{ + sudo luarocks install lpty +}}} + +Note: Earlier versions of the module did not depend on lpty. While using the newer version is strongly recommended, you can find the [https://prosody-modules.googlecode.com/hg-history/50ee38e95e754bf1034d980364f93564028b2f34/mod_auth_external/mod_auth_external.lua older version here] if you need it (revision 50ee38e95e75 of the repository). + += Configuration = + +As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts: + +{{{ + authentication = "external" +}}} + +These options are specific to mod_auth_external: + +||external_auth_protocol||May be "generic" or "ejabberd" (the latter for compatibility with ejabberd external auth scripts. Default is "generic".|| +||external_auth_command||The command/script to execute.|| + +Two other options are also available, depending on whether the module is running in 'blocking' or 'non-blocking' mode: +||external_auth_timeout||blocking||The number of seconds to wait for a response from the auth process. Default is 5.|| +||external_auth_processes||non-blocking||The number of concurrent processes to spawn. Default is 1, increase to handle high connection rates efficiently.|| + +== Blocking vs non-blocking == + +Non-blocking mode is automatically activated when: + + * Running Prosody trunk ([http://prosody.im/nightly/ nightly] build 414+). + * [http://prosody.im/doc/libevent libevent] is enabled in the config, and LuaEvent is available. + * lpty (see installation above) is version 1.0.1 or later. + += Protocol = + +Prosody executes the given command/script, and sends it queries. + +Your auth script should simply read a line from standard input, and write the result to standard output. +It must do this in a loop, until there's nothing left to read. Prosody can keep sending more lines to the script, +with a command on each line. + +Each command is one line, and the response is expected to be a single line containing "0" for failure or "1" for success. +Your script must respond with "0" for anything it doesn't understand. + +There are three commands used at the moment: + +== auth == +Check if a user's password is valid. + +Example: {{{auth:username:example.com:abc123}}} + +Note: The password can contain colons. Make sure to handle that. + +== isuser == +Check if a user exists. + +Example: {{{isuser:username:example.com}}} + +== setpass == +Set a new password for the user. Implementing this is optional. + +Example: {{{setpass:username:example.com:abc123}}} + +Note: The password can contain colons. Make sure to handle that. + +== ejabberd compatibilty == +ejabberd implements a similar protocol. The main difference is that Prosody's protocol is line-based, while ejabberd's is length-prefixed. + +Add this to your config if you need to use an ejabberd auth script: +{{{ + external_auth_protocol = "ejabberd" +}}} + += Compatibility = +||0.8||Works|| +||0.9||Works|| \ No newline at end of file