diff mod_authz_delegate/README.md @ 5288:f61564b522f7

mod_authz_delegate: introduce module to "link" authorization of hosts See the readme :-). Motivation is allowing Snikket admins to change circle avatars via the web portal without bypassing Prosody access checks.
author Jonas Schäfer <jonas@wielicki.name>
date Wed, 29 Mar 2023 17:21:45 +0200
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_authz_delegate/README.md	Wed Mar 29 17:21:45 2023 +0200
@@ -0,0 +1,24 @@
+---
+summary: Authorization delegation
+rockspec: {}
+...
+
+This module allows delegating authorization questions (role assignment and
+role policies) to another host within prosody.
+
+The primary use of this is for a group of virtual hosts to use a common
+authorization database, for example to allow a MUC component to grant
+administrative access to an admin on a corresponding user virtual host.
+
+## Configuration
+
+The following example will make all role assignments for local and remote JIDs
+from domain.example effective on groups.domain.example:
+
+```
+VirtualHost "domain.example"
+
+Component "groups.domain.example" "muc"
+    authorization = "delegate"
+    authz_delegate_to = "domain.example"
+```