[#13973] Allow providing netmask when $conf[auth][checkip] is checked
Summary Allow providing netmask when $conf[auth][checkip] is checked
Queue Horde Base
Queue Version Git master
Type Enhancement
State Accepted
Priority 1. Low
Requester arjen+horde@de-korte.org
Created 2015-04-30 (2096 days ago)
Updated 2016-01-22 (1829 days ago)
Patch No

arjen+horde@de-korte.org 2015-04-30 07:12:54
When  $conf[auth][checkip] is checked, users using an IPv6 connection 
will be logged out frequently when Privacy Extensions for SLAAC (RFC 
4941) are used (in many OSes, this will be the default address that is 
used for outbound connections. Typically, these addresses will timeout 
after a day, but the lifetime of an address may be as short as an hour 
(depending on what is reported by the router). Note that users don't 
have any control over the lifetime of these addresses, since the 
lifetime is determined by the router.

Of course, it woudl be possible to switch off $conf[auth][checkip] 
completely, but it is also possible to look at just the first 64 bits 
of the IPv6 address (the network part) as only the host part (the 
remaining 64 bits) will change. Therefor I propose to add a 
configuration option where only a configurable number of bits is 
checked (default: 64) in case a client is connected over IPv6.

arjen+horde@de-korte.org 2015-04-30 07:15:48