[tpop3d-discuss] ldap virtual auth plugin : near release

Ben Schumacher ben at blahr.com
Thu, 21 Feb 2002 10:01:48 -0700 (MST)


On Thu, 21 Feb 2002, Chris Lightfoot wrote:
 [..snip..]
> Presumably you can set ACLs so that (say) the email
> address and name of a user are publicly available, but
> another attribute -- a password hash, say -- is available
> only to the administrator and the user as whom the POP
> server binds to the server?

This would be the advantage of the search then bind way of authenticating.
You could do the search as an anonymous, or low-priv'd user. For example,
for the sake of efficiency, you could add a user that is only used by
tpop3d -- an application user. The application binds as that user and
issues its search as normal, however, it will only receive results for
users that are allowed to check their email via POP3. So, if you have a
database of 1500 users, and only 100 of them are allowed to use POP3 to
check email, then the tpop3d user (through ACLs) would only be allowed to
return results from those 100.

Makes sense, right?

bs.
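
Added example, not part of the original message and not tpop3d's code: the search-then-bind flow described above, run against a constructed in-memory directory whose ACL shows the application user only POP3-enabled entries. ToyDirectory, APP_DN, the "pop3" attribute and the sample users are assumptions made for illustration; the empty-password check is there because a simple bind with an empty password is an unauthenticated bind that a server may accept.

```python
import hmac

APP_DN = "cn=tpop3d,ou=apps,dc=example,dc=com"  # constructed application user

def escape_filter(value):
    """Escape RFC 4515 filter metacharacters in a login name."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

class ToyDirectory:
    """In-memory stand-in for an LDAP server (hypothetical, not a client library)."""

    def __init__(self, entries, visible_to):
        self.entries = entries        # DN -> attributes
        self.visible_to = visible_to  # binder DN -> predicate modelling its ACL

    def bind(self, dn, password):
        if password == "":
            return True  # unauthenticated bind: accepted, proves nothing
        stored = self.entries.get(dn, {}).get("password")
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

    def search_uid(self, binder_dn, value):
        allowed = self.visible_to.get(binder_dn, lambda e: False)
        if value == "*":  # a raw wildcard matches every entry
            matches = lambda uid: True
        else:
            matches = lambda uid: escape_filter(uid) == value
        return [dn for dn, e in self.entries.items()
                if allowed(e) and matches(e["uid"])]

def authenticate(directory, login, password):
    if not login or not password:
        return False  # never pass an empty password on to bind
    hits = directory.search_uid(APP_DN, escape_filter(login))
    if len(hits) != 1:
        return False  # hidden from the application user, or ambiguous
    return directory.bind(hits[0], password)

ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"
BOB_DN = "uid=bob,ou=people,dc=example,dc=com"
DIRECTORY = ToyDirectory(  # constructed sample data
    {ALICE_DN: {"uid": "alice", "password": "a-secret", "pop3": True},
     BOB_DN: {"uid": "bob", "password": "b-secret", "pop3": False}},
    {APP_DN: lambda e: e["pop3"]},
)
```

Here bob is rejected even with his correct password, because the application user's search never returns his entry and so no bind is attempted.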