prosody-wiki: mod_auth_external.wiki annotate

annotate mod_auth_external.wiki @ 396:5720e3f68061

Update docs for lpty-based version

author	MWild1@gmail.com
date	Tue, 13 Aug 2013 17:47:14 +0000
parents	35702f67785f
children	0045196dc6b9

rev	line source
140 9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	1 #summary Authentication via external script/process
179 1941dc75dca9 Add Type-Auth tag MWild1 parents: 140 diff changeset	2 #labels Stage-Alpha,Type-Auth
139 fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	3
fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	4 = Introduction =
fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	5
fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	6 Allow client authentication to be handled by an external script/process.
fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	7
396 5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	8 = Installation =
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	9
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	10 mod_auth_external depends on a Lua module called [http://www.tset.de/lpty/ lpty]. You can install it on many platforms using [http://luarocks.org/ LuaRocks], for example:
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	11
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	12 {{{
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	13 sudo luarocks install lpty
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	14 }}}
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	15
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	16 Note: Earlier versions of the module did not depend on lpty. While using the newer version is strongly recommended, you can find the [https://prosody-modules.googlecode.com/hg-history/50ee38e95e754bf1034d980364f93564028b2f34/mod_auth_external/mod_auth_external.lua older version here] if you need it (revision 50ee38e95e75 of the repository).
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	17
139 fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	18 = Configuration =
fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	19
140 9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	20 As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts:
9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	21
9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	22 {{{
9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	23 authentication = "external"
9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	24 }}}
9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	25
9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	26 These options are specific to mod_auth_external:
9945dcf3e49e Added note about authentication = "external" to activate the plugin. MWild1 parents: 139 diff changeset	27
139 fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	28 \|\|external_auth_protocol\|\|May be "generic" or "ejabberd" (the latter for compatibility with ejabberd external auth scripts. Default is "generic".\|\|
fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	29 \|\|external_auth_command\|\|The command/script to execute.\|\|
396 5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	30 \|\|external_auth_timeout\|\|The number of seconds to wait for a response from the auth process. Default is 5.\|\|
139 fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	31
307 fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	32 = Protocol =
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	33
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	34 Prosody executes the given command/script, and sends it queries.
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	35
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	36 Your auth script should simply read a line from standard input, and write the result to standard output.
308 f5d82d6588d4 mod_auth_external: Clarify the protocol a bit more. Waqas Hussain <waqas20@gmail.com> parents: 307 diff changeset	37 It must do this in a loop, until there's nothing left to read. Prosody can keep sending more lines to the script,
f5d82d6588d4 mod_auth_external: Clarify the protocol a bit more. Waqas Hussain <waqas20@gmail.com> parents: 307 diff changeset	38 with a command on each line.
307 fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	39
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	40 Each command is one line, and the response is expected to be a single line containing "0" for failure or "1" for success.
308 f5d82d6588d4 mod_auth_external: Clarify the protocol a bit more. Waqas Hussain <waqas20@gmail.com> parents: 307 diff changeset	41 Your script must respond with "0" for anything it doesn't understand.
307 fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	42
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	43 There are three commands used at the moment:
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	44
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	45 == auth ==
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	46 Check if a user's password is valid.
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	47
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	48 Example: {{{auth:username:example.com:abc123}}}
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	49
309 35702f67785f mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol). Waqas Hussain <waqas20@gmail.com> parents: 308 diff changeset	50 Note: The password can contain colons. Make sure to handle that.
35702f67785f mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol). Waqas Hussain <waqas20@gmail.com> parents: 308 diff changeset	51
307 fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	52 == isuser ==
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	53 Check if a user exists.
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	54
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	55 Example: {{{isuser:username:example.com}}}
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	56
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	57 == setpass ==
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	58 Set a new password for the user. Implementing this is optional.
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	59
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	60 Example: {{{setpass:username:example.com:abc123}}}
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	61
309 35702f67785f mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol). Waqas Hussain <waqas20@gmail.com> parents: 308 diff changeset	62 Note: The password can contain colons. Make sure to handle that.
35702f67785f mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol). Waqas Hussain <waqas20@gmail.com> parents: 308 diff changeset	63
307 fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	64 == ejabberd compatibilty ==
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	65 ejabberd implements a similar protocol. The main difference is that Prosody's protocol is line-based, while ejabberd's is length-prefixed.
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	66
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	67 Add this to your config if you need to use an ejabberd auth script:
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	68 {{{
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	69 external_auth_protocol = "ejabberd"
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	70 }}}
fa73a9b9d907 mod_auth_external: Document protocol. Waqas Hussain <waqas20@gmail.com> parents: 179 diff changeset	71
139 fa70933bee11 Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas. MWild1 parents: diff changeset	72 = Compatibility =
396 5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	73 \|\|0.8\|\|Works\|\|
5720e3f68061 Update docs for lpty-based version MWild1@gmail.com parents: 309 diff changeset	74 \|\|0.9\|\|Works\|\|

Mercurial > prosody-wiki

annotate mod_auth_external.wiki @ 396:5720e3f68061