[Tickets #13973] Allow providing netmask when $conf[auth][checkip] is checked
noreply at bugs.horde.org
noreply at bugs.horde.org
Thu Apr 30 07:12:55 UTC 2015
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/13973
------------------------------------------------------------------------------
Ticket | 13973
Created By | arjen+horde at de-korte.org
Summary | Allow providing netmask when $conf[auth][checkip] is
| checked
Queue | Horde Base
Version | 5.2.5
Type | Enhancement
State | New
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
arjen+horde at de-korte.org (2015-04-30 07:12) wrote:
When $conf[auth][checkip] is checked, users using an IPv6 connection
will be logged out frequently when Privacy Extensions for SLAAC (RFC
4941) are used (in many OSes, this will be the default address that is
used for outbound connections. Typically, these addresses will timeout
after a day, but the lifetime of an address may be as short as an hour
(depending on what is reported by the router). Note that users don't
have any control over the lifetime of these addresses, since the
lifetime is determined by the router.
Of course, it woudl be possible to switch off $conf[auth][checkip]
completely, but it is also possible to look at just the first 64 bits
of the IPv6 address (the network part) as only the host part (the
remaining 64 bits) will change. Therefor I propose to add a
configuration option where only a configurable number of bits is
checked (default: 64) in case a client is connected over IPv6.
More information about the bugs
mailing list