On Tue, 2005-04-26 at 18:02 -0400, Mark E. Mallett wrote:
I guess I could ignore the first, but the second is sticky. How hard would it be to hack a different sort of proxy server cue into the authentication? Perhaps one of:
If authenticating via passwd, use a gid as an index into a server table (or perhaps have the group name be a server name),
If passwd authentication fails, try a starting the proxy to a specific other server and see if one can log in there.
These sound pretty special kludges which I'd rather not implement :)
Or something else.. I dunno, I'm just looking not to install a SQL server just for this.
I think passwd-file could be modified in some way to support these. It's a bit annoying that the last field which is "mail" can now contain ':' characters.. The "flags" field is nowadays unused, so maybe something like this could be done:
....:list:key=value:key=value:...:mail=mbox\:~/mail
where "list" is in the flags field, meaning rest of the list is in new format.