#summary Authentication via external script/process #labels Stage-Alpha,Type-Auth = Introduction = Allow client authentication to be handled by an external script/process. = Installation = mod_auth_external depends on a Lua module called [http://www.tset.de/lpty/ lpty]. You can install it on many platforms using [http://luarocks.org/ LuaRocks], for example: {{{ sudo luarocks install lpty }}} Note: Earlier versions of the module did not depend on lpty. While using the newer version is strongly recommended, you can find the [https://prosody-modules.googlecode.com/hg-history/50ee38e95e754bf1034d980364f93564028b2f34/mod_auth_external/mod_auth_external.lua older version here] if you need it (revision 50ee38e95e75 of the repository). = Configuration = As with all auth modules, there is no need to add this to modules_enabled. Simply add in the global section, or for the relevant hosts: {{{ authentication = "external" }}} These options are specific to mod_auth_external: ||external_auth_protocol||May be "generic" or "ejabberd" (the latter for compatibility with ejabberd external auth scripts. Default is "generic".|| ||external_auth_command||The command/script to execute.|| ||external_auth_timeout||The number of seconds to wait for a response from the auth process. Default is 5.|| = Protocol = Prosody executes the given command/script, and sends it queries. Your auth script should simply read a line from standard input, and write the result to standard output. It must do this in a loop, until there's nothing left to read. Prosody can keep sending more lines to the script, with a command on each line. Each command is one line, and the response is expected to be a single line containing "0" for failure or "1" for success. Your script must respond with "0" for anything it doesn't understand. There are three commands used at the moment: == auth == Check if a user's password is valid. Example: {{{auth:username:example.com:abc123}}} Note: The password can contain colons. Make sure to handle that. == isuser == Check if a user exists. Example: {{{isuser:username:example.com}}} == setpass == Set a new password for the user. Implementing this is optional. Example: {{{setpass:username:example.com:abc123}}} Note: The password can contain colons. Make sure to handle that. == ejabberd compatibilty == ejabberd implements a similar protocol. The main difference is that Prosody's protocol is line-based, while ejabberd's is length-prefixed. Add this to your config if you need to use an ejabberd auth script: {{{ external_auth_protocol = "ejabberd" }}} = Compatibility = ||0.8||Works|| ||0.9||Works||