Mercurial > prosody-wiki
annotate mod_auth_external.wiki @ 396:5720e3f68061
Update docs for lpty-based version
author | MWild1@gmail.com |
---|---|
date | Tue, 13 Aug 2013 17:47:14 +0000 |
parents | 35702f67785f |
children | 0045196dc6b9 |
rev | line source |
---|---|
140
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
1 #summary Authentication via external script/process |
179 | 2 #labels Stage-Alpha,Type-Auth |
139
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
3 |
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
4 = Introduction = |
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
5 |
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
6 Allow client authentication to be handled by an external script/process. |
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
7 |
396 | 8 = Installation = |
9 | |
10 mod_auth_external depends on a Lua module called [http://www.tset.de/lpty/ lpty]. You can install it on many platforms using [http://luarocks.org/ LuaRocks], for example: | |
11 | |
12 {{{ | |
13 sudo luarocks install lpty | |
14 }}} | |
15 | |
16 Note: Earlier versions of the module did not depend on lpty. While using the newer version is strongly recommended, you can find the [https://prosody-modules.googlecode.com/hg-history/50ee38e95e754bf1034d980364f93564028b2f34/mod_auth_external/mod_auth_external.lua older version here] if you need it (revision 50ee38e95e75 of the repository). | |
17 | |
139
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
18 = Configuration = |
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
19 |
140
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
20 As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts: |
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
21 |
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
22 {{{ |
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
23 authentication = "external" |
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
24 }}} |
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
25 |
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
26 These options are specific to mod_auth_external: |
9945dcf3e49e
Added note about authentication = "external" to activate the plugin.
MWild1
parents:
139
diff
changeset
|
27 |
139
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
28 ||external_auth_protocol||May be "generic" or "ejabberd" (the latter for compatibility with ejabberd external auth scripts. Default is "generic".|| |
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
29 ||external_auth_command||The command/script to execute.|| |
396 | 30 ||external_auth_timeout||The number of seconds to wait for a response from the auth process. Default is 5.|| |
139
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
31 |
307
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
32 = Protocol = |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
33 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
34 Prosody executes the given command/script, and sends it queries. |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
35 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
36 Your auth script should simply read a line from standard input, and write the result to standard output. |
308
f5d82d6588d4
mod_auth_external: Clarify the protocol a bit more.
Waqas Hussain <waqas20@gmail.com>
parents:
307
diff
changeset
|
37 It must do this in a loop, until there's nothing left to read. Prosody can keep sending more lines to the script, |
f5d82d6588d4
mod_auth_external: Clarify the protocol a bit more.
Waqas Hussain <waqas20@gmail.com>
parents:
307
diff
changeset
|
38 with a command on each line. |
307
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
39 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
40 Each command is one line, and the response is expected to be a single line containing "0" for failure or "1" for success. |
308
f5d82d6588d4
mod_auth_external: Clarify the protocol a bit more.
Waqas Hussain <waqas20@gmail.com>
parents:
307
diff
changeset
|
41 Your script must respond with "0" for anything it doesn't understand. |
307
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
42 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
43 There are three commands used at the moment: |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
44 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
45 == auth == |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
46 Check if a user's password is valid. |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
47 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
48 Example: {{{auth:username:example.com:abc123}}} |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
49 |
309
35702f67785f
mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol).
Waqas Hussain <waqas20@gmail.com>
parents:
308
diff
changeset
|
50 Note: The password can contain colons. Make sure to handle that. |
35702f67785f
mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol).
Waqas Hussain <waqas20@gmail.com>
parents:
308
diff
changeset
|
51 |
307
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
52 == isuser == |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
53 Check if a user exists. |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
54 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
55 Example: {{{isuser:username:example.com}}} |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
56 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
57 == setpass == |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
58 Set a new password for the user. Implementing this is optional. |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
59 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
60 Example: {{{setpass:username:example.com:abc123}}} |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
61 |
309
35702f67785f
mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol).
Waqas Hussain <waqas20@gmail.com>
parents:
308
diff
changeset
|
62 Note: The password can contain colons. Make sure to handle that. |
35702f67785f
mod_auth_external: Added note about passwords being able to contain colons (which are also delimiters in the protocol).
Waqas Hussain <waqas20@gmail.com>
parents:
308
diff
changeset
|
63 |
307
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
64 == ejabberd compatibilty == |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
65 ejabberd implements a similar protocol. The main difference is that Prosody's protocol is line-based, while ejabberd's is length-prefixed. |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
66 |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
67 Add this to your config if you need to use an ejabberd auth script: |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
68 {{{ |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
69 external_auth_protocol = "ejabberd" |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
70 }}} |
fa73a9b9d907
mod_auth_external: Document protocol.
Waqas Hussain <waqas20@gmail.com>
parents:
179
diff
changeset
|
71 |
139
fa70933bee11
Created basic page, needs expanding by someone who knows more than me. Yes, you Waqas.
MWild1
parents:
diff
changeset
|
72 = Compatibility = |
396 | 73 ||0.8||Works|| |
74 ||0.9||Works|| |