HylaFAX The world's most advanced open source fax server

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [hylafax-users] PAM authentication and JobProtection

Giuseppe Sacco wrote:
Hi Lee,
thanks for your prompt reply.

Il giorno gio, 09/12/2010 alle 21.14 -0800, Lee Howard ha scritto:
Consequently for this to be resolved hfaxd would need to automatically add entries to hosts.hfaxd (or some other database/table/file) which could be used to assign unique uid/gid to each user, but which would not replace or interfere with future authentications. So some development would be required to enhance and expand hfaxd to do this.

Do you think a new attribute in ldap would help? I mean, it would be
possibile to add a faxGroup attribute to the currently used LDAP schema
(is it posixUser?) and use it as hylafax uid? Of course it will not be
usable via PAM, but it could be used when hylafax+ directly access LDAP.

Yes, this is certainly possible, but I think it requires code development work. And in my way of thinking if someone is going to do some development work for this then that could be best-spent implementing a feature that works for all authentication methods (both PAM and LDAP). So that's how I'd spend *my* time trying to resolve it rather than developing something specific to LDAP.

I've added Joshua Kinard, the HylaFAX+ LDAP contributor, to this e-mail.

Joshua, with the current LDAP implementation in HylaFAX+ does hfaxd get some kind of unique per-user uid or gid and then pass that back to hfaxd? (Forgive me for not re-examining the code.) If not, do you have any opinions on its implementation?

Moreover, I just checked ldap authentication in hylafax+ source code.
From what I understand, this only works on LDAP schema that have a
groupMembership (is it Novell eDirectory schema?).

I think it was developed for Microsoft Active Directory and also Novell.

It would not work on
posixGroup as they use memberUid attribute instead. Is it correct?

I don't know the answer to this question, but by all means the feature could be expanded.



____________________ HylaFAX(tm) Users Mailing List _______________________ To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*

Project hosted by iFAX Solutions