Skip to content

PKI

Overview

This is a simple authentication method, meant to be used with the SASL EXTERNAL mechanism. It simply accepts all usernames as long as they are validated by the SASL logic.

Warning

Some of its callbacks return hardcoded values, as it's impossible for this backend to properly acquire certain pieces of information. These include:

Function Hardcoded value Explanation
does_user_exist true PKI reponds with true to modules checking if user's interlocutor actually exists so e.g. messages to nonexistent users will always be stored by mod_mam. This is not necessarily a security threat but something to be aware of.
dirty_get_registered_users, get_vh_registered_users, get_vh_registered_users_number [] Any metrics or statistics (e.g. available via mongooseimctl) related to accounts list or numbers, won't display proper values, as this backend cannot possibly "know" how many users there are.

Configuration options

None.

Example

1
[auth.pki]