Hi
> What I use in this situation is the SASL EXTERNAL mechanism.
> This is designed for lifting some lower-level authentication
> (such as IPSEC or
> TLS) to the SASL level, but there's no reason that you can't
> consider TCP connections from a known client to be good
> enough authentication in the right context.
>
> On the server:
>
> EXTERNAL:
> driver = plaintext
> server_set_id = $1
> server_prompts = :
> server_condition = yes
> server_advertise_condition = ${if match_ip{$sender_host_address} \
> {+trusted_hosts} }
> On the client:
>
> EXTERNAL:
> driver = plaintext
> client_send = username
The problem here is, that it need configuration on the client.
This is not what I want. (Yes, I know, ips can be spoofed, but this is only
for a private network.)
Actually I would lookup the ip in a database and assign the "authenticated"
to the result.
However, my feature request enables much more...
I am just thinking, that I can READ every variable everywhere using
$variable, why shouldn't I be able to assign them? (At least for most, this
should not be a problem.)
Regards,
Steffen
