annotate mod_auth_external.wiki @ 382:469bcbdfe281

mod_storage_ldap, mod_storage_mongodb: Add Type-Storage labels
author Kim Alvefur <zash@zash.se>
date Sat, 29 Jun 2013 23:04:11 +0200
parents 35702f67785f
children 5720e3f68061
rev   line source
140
9945dcf3e49e Added note about authentication = "external" to activate the plugin.
MWild1
parents: 139
1 #summary Authentication via external script/process
179
1941dc75dca9 Add Type-Auth tag
MWild1
parents: 140
2 #labels Stage-Alpha,Type-Auth
139
fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
3
4 = Introduction =
5
6 Allow client authentication to be handled by an external script/process.
7
8 = Configuration =
9
140
10 As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts:
11
12 {{{
13 authentication = "external"
14 }}}
15
16 These options are specific to mod_auth_external:
17
139
18 ||external_auth_protocol||May be "generic" or "ejabberd" (the latter for compatibility with ejabberd external auth scripts). Default is "generic".||
19 ||external_auth_command||The command/script to execute.||
20
307
fa73a9b9d907 mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents: 179
21 = Protocol =
22
23 Prosody executes the given command/script, and sends it queries.
24
25 Your auth script should simply read a line from standard input, and write the result to standard output.
308
f5d82d6588d4 mod_auth_external: Clarify the protocol a bit more.
Waqas Hussain <waqas20@gmail.com>
parents: 307
26 It must do this in a loop, until there's nothing left to read. Prosody can keep sending more lines to the script,
27 with a command on each line.
307
28
29 Each command is one line, and the response is expected to be a single line containing "0" for failure or "1" for success.
308
30 Your script must respond with "0" for anything it doesn't understand.
307
31
32 There are three commands used at the moment:
33
34 == auth ==
35 Check if a user's password is valid.
36
37 Example: {{{auth:username:example.com:abc123}}}
38
309
35702f67785f mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol).
Waqas Hussain <waqas20@gmail.com>
parents: 308
39 Note: The password can contain colons. Make sure to handle that.
40
307
41 == isuser ==
42 Check if a user exists.
43
44 Example: {{{isuser:username:example.com}}}
45
46 == setpass ==
47 Set a new password for the user. Implementing this is optional.
48
49 Example: {{{setpass:username:example.com:abc123}}}
50
309
51 Note: The password can contain colons. Make sure to handle that.
52
307
53 == ejabberd compatibility ==
54 ejabberd implements a similar protocol. The main difference is that Prosody's protocol is line-based, while ejabberd's is length-prefixed.
55
56 Add this to your config if you need to use an ejabberd auth script:
57 {{{
58 external_auth_protocol = "ejabberd"
59 }}}
60
139
61 = Compatibility =
62 ||0.8||Works||
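
A minimal auth script for the "generic" line protocol documented in the Protocol section, as an added example that is not part of the wiki page or of Prosody's own code: it loops over standard input, answers each line with "1" or "0", keeps colons inside passwords, and answers "0" for anything it does not understand. The in-memory user store, the PBKDF2 storage scheme and the names `handle`, `kdf` and `USERS` are assumptions of this example.

```python
import hashlib
import hmac
import os
import sys

def kdf(password, salt):
    # PBKDF2 is this example's choice; the page does not prescribe storage.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store: (user, host) -> (salt, derived key).
USERS = {("alice", "example.com"): (b"demo-salt", kdf("s3cr:et:pw", b"demo-salt"))}

def handle(line, users=USERS):
    """Answer one query line with "1" (success) or "0" (failure)."""
    command, _, rest = line.rstrip("\r\n").partition(":")
    if command == "isuser":
        parts = rest.split(":")
        return "1" if len(parts) == 2 and tuple(parts) in users else "0"
    if command in ("auth", "setpass"):
        # Split at most twice: everything after the host is the password,
        # colons included.
        parts = rest.split(":", 2)
        if len(parts) != 3 or not all(parts):
            return "0"
        user, host, password = parts
        record = users.get((user, host))
        if command == "auth":
            # Derive a key even for unknown users so both paths do similar work.
            salt, stored = record or (b"no-such-user", b"")
            ok = hmac.compare_digest(kdf(password, salt), stored)
            return "1" if record and ok else "0"
        if record is None:  # setpass only changes existing accounts here
            return "0"
        salt = os.urandom(16)
        users[(user, host)] = (salt, kdf(password, salt))
        return "1"
    return "0"  # anything not understood is a failure

def main():
    # Loop until EOF; flush so each reply is delivered before the next read.
    for line in sys.stdin:
        sys.stdout.write(handle(line) + "\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

A script like this is what `external_auth_command` would point at; a real deployment would replace the in-memory dictionary with its actual credential backend.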