mirror of
https://github.com/foxcpp/maddy.git
synced 2025-04-06 22:47:37 +03:00
47 lines
1.5 KiB
Markdown
47 lines
1.5 KiB
Markdown
# System command
|
|
|
|
auth.external module for authentication using external helper binary. It looks for binary
|
|
named maddy-auth-helper in $PATH and libexecdir and uses it for authentication
|
|
using username/password pair.
|
|
|
|
The protocol is very simple:
|
|
Program is launched for each authentication. Username and password are written
|
|
to stdin, adding \\n to the end. If binary exits with 0 status code -
|
|
authentication is considered successful. If the status code is 1 -
|
|
authentication is failed. If the status code is 2 - another unrelated error has
|
|
happened. Additional information should be written to stderr.
|
|
|
|
```
|
|
auth.external {
|
|
helper /usr/bin/ldap-helper
|
|
perdomain no
|
|
domains example.org
|
|
}
|
|
```
|
|
|
|
## Configuration directives
|
|
|
|
**Syntax**: helper _file\_path\_
|
|
|
|
Location of the helper binary. **Required.**
|
|
|
|
**Syntax**: perdomain _boolean_ <br>
|
|
**Default**: no
|
|
|
|
Don't remove domain part of username when authenticating and require it to be
|
|
present. Can be used if you want user@domain1 and user@domain2 to be different
|
|
accounts.
|
|
|
|
**Syntax**: domains _domains..._ <br>
|
|
**Default**: not specified
|
|
|
|
Domains that should be allowed in username during authentication.
|
|
|
|
For example, if 'domains' is set to "domain1 domain2", then
|
|
username, username@domain1 and username@domain2 will be accepted as valid login
|
|
name in addition to just username.
|
|
|
|
If used without 'perdomain', domain part will be removed from login before
|
|
check with underlying auth. mechanism. If 'perdomain' is set, then
|
|
domains must be also set and domain part WILL NOT be removed before check.
|
|
|