Re: [bug-anubis] Not relying on ident?

[Sergey Poznyakoff]

Jim Cheetham <address@hidden> wrote:

> Anubis needs to do an ident query to enable it to find the relevant
> ~/.anubisrc file, I believe.

Yes, currently it is so.
 
> If it fails, couldn't we just run with the contents of the site-wide
> file?

Well, it is possible to remap any user to any existing account, thus
forcing the use of this account's profile. It is done via TRANSLATION
section. For example, the section below will use the configuration
file ~/anubis/.anubisrc for any user with domain name "mydomain.net"

BEGIN TRANSLATION
translate mydomain.net into anubis
END

Of course, such usage is strongly discouraged.
 
> As an alternative, if SMTP/AUTH were used, could there be a mapping from
> AUTH data to system username/~/.anubisrc? That way, we would be relying
> on the final MTA to do the identification, rather than ident ...

Yes, the CVS version of Anubis actually uses this aproach. It will be
able to work in two modes: either a traditional one, using IDENTD to
authenticate incoming connections, or in "authentication mode", that
relies on ESMTP AUTH to establish the authenticity of users.

Regards,
Sergey