comparison xml/en/docs/mail/ngx_mail_auth_http_module.xml @ 664:8283b1048b27
Translated mail modules into English.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Wed, 05 Sep 2012 14:07:43 +0000 |
parents | |
children | 81ac18894319 |
comparison
663:639bbb0c9d05 | 664:8283b1048b27 |
---|---|
1 <?xml version="1.0"?> | |
2 | |
3 <!-- | |
4 Copyright (C) 2006, 2007 Anton Yuzhaninov | |
5 Copyright (C) Nginx, Inc. | |
6 --> | |
7 | |
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | |
9 | |
10 <module name="Module ngx_mail_auth_http_module" | |
11 link="/ru/docs/mail/ngx_mail_auth_http_module.html" | |
12 lang="ru" | |
13 rev="1"> | |
14 | |
15 <section id="directives" name="Directives"> | |
16 | |
17 <directive name="auth_http"> | |
18 <syntax><value>URL</value></syntax> | |
19 <default/> | |
20 <context>mail</context> | |
21 <context>server</context> | |
22 | |
23 <para> | |
24 Sets the URL of the HTTP authentication server. | |
25 The protocol is described below. | |
26 </para> | |
27 | |
28 </directive> | |
29 | |
30 | |
31 <directive name="auth_http_header"> | |
32 <syntax><value>header</value> <value>value</value></syntax> | |
33 <default/> | |
34 <context>mail</context> | |
35 <context>server</context> | |
36 | |
37 <para> | |
38 Allows to append the specified header to requests to the authentication server. | |
39 Can be used as a shared secret to verify | |
40 that the request came in from nginx. | |
41 For example: | |
42 <example> | |
43 auth_http_header X-Auth-Key "secret_string"; | |
44 </example> | |
45 </para> | |
46 | |
47 </directive> | |
48 | |
49 | |
50 <directive name="auth_http_timeout"> | |
51 <syntax><value>time</value></syntax> | |
52 <default>60s</default> | |
53 <context>mail</context> | |
54 <context>server</context> | |
55 | |
56 <para> | |
57 </para> | |
58 | |
59 </directive> | |
60 | |
61 </section> | |
62 | |
63 | |
64 <section id="protocol" name="Protocol"> | |
65 | |
66 <para> | |
67 The HTTP is used to communicate with the authentication server. | |
68 The data in the response body is ignored, information is passed only in headers. | |
69 </para> | |
70 | |
71 <para> | |
72 Requests and responses examples: | |
73 </para> | |
74 | |
75 <para> | |
76 Request: | |
77 <example> | |
78 GET /auth HTTP/1.0 | |
79 Host: localhost | |
80 Auth-Method: plain # plain or apop or cram-md5 | |
81 Auth-User: user | |
82 Auth-Pass: password | |
83 Auth-Protocol: imap # imap, pop3 or smtp | |
84 Auth-Login-Attempt: 1 # attempt count in a single session | |
85 Client-IP: 192.168.1.1 | |
86 </example> | |
87 Good response: | |
88 <example> | |
89 HTTP/1.0 200 OK # this line is ignored | |
90 Auth-Status: OK | |
91 Auth-Server: 10.1.1.1 | |
92 Auth-Port: 143 | |
93 </example> | |
94 Bad response: | |
95 <example> | |
96 HTTP/1.0 200 OK # this line is ignored | |
97 Auth-Status: Invalid login or password | |
98 Auth-Wait: 3 # wait for 3 seconds before returning an error to the client | |
99 </example> | |
100 </para> | |
101 | |
102 <para> | |
103 If there is no the <header>Auth-Wait</header> header, | |
104 the connection will be closed after returning an error. | |
105 The current implementation allocates memory per each authentication attempt, | |
106 which is freed only at the end of a session. | |
107 Therefore a number of invalid authentication attempts in a single session | |
108 must be limited — the server must response without | |
109 the <header>Auth-Wait</header> header after 10-20 attempts | |
110 (see the <header>Auth-Login-Attempt</header> header). | |
111 </para> | |
112 | |
113 <para> | |
114 When using the APOP or CRAM-MD5 request-reponses will look like: | |
115 <example> | |
116 GET /auth HTTP/1.0 | |
117 Host: localhost | |
118 Auth-Method: apop | |
119 Auth-User: user | |
120 Auth-Salt: <238188073.1163692009@mail.example.com> | |
121 Auth-Pass: auth_response | |
122 Auth-Protocol: imap | |
123 Auth-Login-Attempt: 1 # attempt count in a single session | |
124 Client-IP: 192.168.1.1 | |
125 </example> | |
126 Good response: | |
127 <example> | |
128 HTTP/1.0 200 OK # this line is ignored | |
129 Auth-Status: OK | |
130 Auth-Server: 10.1.1.1 | |
131 Auth-Port: 143 | |
132 Auth-Pass: plain-text-pass | |
133 </example> | |
134 </para> | |
135 | |
136 <para> | |
137 For the SMTP, the response additionally takes into account | |
138 the <header>Auth-Error-Code</header> header — it is used | |
139 as a response code if exists. | |
140 Otherwise the code 535 5.7.0 will be added to | |
141 the <header>Auth-Status</header> by default. | |
142 </para> | |
143 | |
144 <para> | |
145 For example, if the following response is received | |
146 from the authentication server: | |
147 <example> | |
148 HTTP/1.0 200 OK | |
149 Auth-Status: Temporary server problem, try again later | |
150 Auth-Error-Code: 451 4.3.0 | |
151 Auth-Wait: 3 | |
152 </example> | |
153 then the SMTP client will be given an error | |
154 <example> | |
155 451 4.3.0 Temporary server problem, try again later | |
156 </example> | |
157 </para> | |
158 | |
159 </section> | |
160 | |
161 </module> |
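
Review bot: the <module> element at lines 10-13 still carries lang="ru" and link="/ru/docs/mail/ngx_mail_auth_http_module.html", although the file is under xml/en and the commit message says the module was translated into English; both attributes should be switched to the English values (lang="en" and the /en/ path) so the page is not linked and labelled as the Russian one. The auth_http_timeout directive at lines 50-59 ships with an empty <para>, so the only documented fact is the 60s default; please say what the timeout applies to. In the protocol section the request examples at lines 78-85 and 116-124 put Auth-Pass, and the auth_http_header text at lines 38-43 puts the X-Auth-Key shared secret, into plain HTTP/1.0 request headers, so a sentence stating that the path between nginx and the authentication server has to be trusted would help readers who treat that header as their only check. Wording to fix while here: "Allows to append" (line 38), "If there is no the" (line 103), "the server must response" (line 108) and "request-reponses" (line 114).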