Re: iauth questions

[Christophe Kalt <kalt@xxxxxxxxxxx>]

On Oct 27, Aleksi Suhonen wrote:
| Do iauth and ircd use separate resolvers or do they
| use the same one? I.e. will there be multiple identical
| DNS queries per connection? Solaris' nscd wouldn't help?

no DNS traffic is generated by iauth, all information is
provided by ircd.

| The manual doesn't specify the exact syntax of the
| host and ip parameters. The module syntax is not
| 100% clear either: are multiple host or ip lines
| allowed per module? Can the same module be defined
| more than once?

yes^2
(an easy way is to test using -c ;-)

| I would also like to be able to define "not"s.

I'm not surprised, and I've been trying to find a good way
to do it, but adding this functionnality makes a simple
matter very complex.
It is especially difficult if the "not"s use hostnames (as
opposed to IPs) because the hostname information (passed by
ircd) isn't available immediately, and may never be
available without iauth ever knowing so until it's too late.

| I.e. how do I in the current scheme of things configure
| iauth to do the following:
| 
| no authentication for *dial*.isp.tld

does that include no socks? (socks != authentication)

| rfc931 and socks for *.isp.tld (other than *dial*)
| socks for *.tld

after some additional thinking, I think the answer is "you
cannot do it, never will", but may be I should add "without
a compromise".
I always turned down all my ideas because the compromise was
something like "in some cases, authentication won't be done
when it should be".  However, we could envision things the
other way around (I think): "in some cases, authentication
will be done when it should not be."

what do you think?