view @ 307:fa73a9b9d907

mod_auth_external: Document protocol.
author Waqas Hussain <>
date Wed, 10 Oct 2012 01:23:33 +0500
parents 1941dc75dca9
children f5d82d6588d4
line wrap: on
line source

#summary Authentication via external script/process
#labels Stage-Alpha,Type-Auth

= Introduction =

Allow client authentication to be handled by an external script/process.

= Configuration =

As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts:

    authentication = "external"

These options are specific to mod_auth_external:

||external_auth_protocol||May be "generic" or "ejabberd" (the latter for compatibility with ejabberd external auth scripts. Default is "generic".||
||external_auth_command||The command/script to execute.||

= Protocol =

Prosody executes the given command/script, and sends it queries.

Your auth script should simply read a line from standard input, and write the result to standard output.

Each command is one line, and the response is expected to be a single line containing "0" for failure or "1" for success.

There are three commands used at the moment:

== auth ==
Check if a user's password is valid.

Example: {{{}}}

== isuser ==
Check if a user exists.

Example: {{{}}}

== setpass ==
Set a new password for the user. Implementing this is optional.

Example: {{{}}}

Your script must respond with "0" for anything it can't handle.

== ejabberd compatibilty ==
ejabberd implements a similar protocol. The main difference is that Prosody's protocol is line-based, while ejabberd's is length-prefixed.

Add this to your config if you need to use an ejabberd auth script:
	external_auth_protocol = "ejabberd"

= Compatibility =