Mercurial > prosody-modules
diff mod_authz_delegate/README.md @ 5288:f61564b522f7
mod_authz_delegate: introduce module to "link" authorization of hosts
See the readme :-).
Motivation is allowing Snikket admins to change circle avatars via
the web portal without bypassing Prosody access checks.
author | Jonas Schäfer <jonas@wielicki.name> |
---|---|
date | Wed, 29 Mar 2023 17:21:45 +0200 |
parents | |
children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mod_authz_delegate/README.md Wed Mar 29 17:21:45 2023 +0200 @@ -0,0 +1,24 @@ +--- +summary: Authorization delegation +rockspec: {} +... + +This module allows delegating authorization questions (role assignment and +role policies) to another host within prosody. + +The primary use of this is for a group of virtual hosts to use a common +authorization database, for example to allow a MUC component to grant +administrative access to an admin on a corresponding user virtual host. + +## Configuration + +The following example will make all role assignments for local and remote JIDs +from domain.example effective on groups.domain.example: + +``` +VirtualHost "domain.example" + +Component "groups.domain.example" "muc" + authorization = "delegate" + authz_delegate_to = "domain.example" +```