Mercurial > hg > nginx-site
comparison xml/en/docs/mail/ngx_mail_auth_http_module.xml @ 966:95c3c3bbf1ce
Text review.
author | Egor Nikitin <yegor.nikitin@gmail.com> |
---|---|
date | Wed, 14 Aug 2013 12:03:41 +0400 |
parents | 59def594b0c9 |
children | b81ad8234f90 |
comparison
equal
deleted
inserted
replaced
965:fadccc156188 | 966:95c3c3bbf1ce |
---|---|
33 <default/> | 33 <default/> |
34 <context>mail</context> | 34 <context>mail</context> |
35 <context>server</context> | 35 <context>server</context> |
36 | 36 |
37 <para> | 37 <para> |
38 Allows to append the specified header to requests to the authentication server. | 38 Appends the specified header to requests to the authentication server. |
39 Can be used as a shared secret to verify | 39 This header can be used as the shared secret to verify |
40 that the request came in from nginx. | 40 that the request comes from nginx. |
41 For example: | 41 For example: |
42 <example> | 42 <example> |
43 auth_http_header X-Auth-Key "secret_string"; | 43 auth_http_header X-Auth-Key "secret_string"; |
44 </example> | 44 </example> |
45 </para> | 45 </para> |
63 | 63 |
64 <section id="protocol" name="Protocol"> | 64 <section id="protocol" name="Protocol"> |
65 | 65 |
66 <para> | 66 <para> |
67 The HTTP is used to communicate with the authentication server. | 67 The HTTP is used to communicate with the authentication server. |
68 The data in the response body is ignored, information is passed only in headers. | 68 The data in the response body is ignored, and the information is passed only in |
69 the headers. | |
69 </para> | 70 </para> |
70 | 71 |
71 <para> | 72 <para> |
72 Requests and responses examples: | 73 Examples of requests and responses: |
73 </para> | 74 </para> |
74 | 75 |
75 <para> | 76 <para> |
76 Request: | 77 Request: |
77 <example> | 78 <example> |
98 Auth-Wait: 3 # wait for 3 seconds before returning an error to the client | 99 Auth-Wait: 3 # wait for 3 seconds before returning an error to the client |
99 </example> | 100 </example> |
100 </para> | 101 </para> |
101 | 102 |
102 <para> | 103 <para> |
103 If there is no the <header>Auth-Wait</header> header, | 104 If there is no <header>Auth-Wait</header> header in a request, |
104 the connection will be closed after returning an error. | 105 an error will be returned and the connection will be closed. |
105 The current implementation allocates memory per each authentication attempt, | 106 The current implementation allocates memory for each authentication attempt. |
106 which is freed only at the end of a session. | 107 The memory is freed only at the end of a session. |
107 Therefore a number of invalid authentication attempts in a single session | 108 Therefore, the number of invalid authentication attempts in a single session |
108 must be limited — the server must response without | 109 must be limited — the server must response without |
109 the <header>Auth-Wait</header> header after 10-20 attempts | 110 the <header>Auth-Wait</header> header after 10-20 attempts |
110 (see the <header>Auth-Login-Attempt</header> header). | 111 (the attempt number is passed in the <header>Auth-Login-Attempt</header> |
112 header). | |
111 </para> | 113 </para> |
112 | 114 |
113 <para> | 115 <para> |
114 When using the APOP or CRAM-MD5 request-response will look like: | 116 When the APOP or CRAM-MD5 are used, a request-response will look as follows. |
115 <example> | 117 <example> |
116 GET /auth HTTP/1.0 | 118 GET /auth HTTP/1.0 |
117 Host: localhost | 119 Host: localhost |
118 Auth-Method: apop | 120 Auth-Method: apop |
119 Auth-User: user | 121 Auth-User: user |
133 </example> | 135 </example> |
134 </para> | 136 </para> |
135 | 137 |
136 <para> | 138 <para> |
137 For the SMTP, the response additionally takes into account | 139 For the SMTP, the response additionally takes into account |
138 the <header>Auth-Error-Code</header> header — it is used | 140 the <header>Auth-Error-Code</header> header — if exists, it is used |
139 as a response code if exists. | 141 as a response code. |
140 Otherwise the code 535 5.7.0 will be added to | 142 Otherwise, the 535 5.7.0 code will be added to |
141 the <header>Auth-Status</header> by default. | 143 the <header>Auth-Status</header>. |
142 </para> | 144 </para> |
143 | 145 |
144 <para> | 146 <para> |
145 For example, if the following response is received | 147 For example, if the following response is received |
146 from the authentication server: | 148 from the authentication server: |
148 HTTP/1.0 200 OK | 150 HTTP/1.0 200 OK |
149 Auth-Status: Temporary server problem, try again later | 151 Auth-Status: Temporary server problem, try again later |
150 Auth-Error-Code: 451 4.3.0 | 152 Auth-Error-Code: 451 4.3.0 |
151 Auth-Wait: 3 | 153 Auth-Wait: 3 |
152 </example> | 154 </example> |
153 then the SMTP client will be given an error | 155 then the SMTP client will receive an error |
154 <example> | 156 <example> |
155 451 4.3.0 Temporary server problem, try again later | 157 451 4.3.0 Temporary server problem, try again later |
156 </example> | 158 </example> |
157 </para> | 159 </para> |
158 | 160 |