sasl.conf: Possible bad man-page and sample

Felix E. Klee felix.klee at
Thu Nov 25 18:49:52 UTC 2004


two possible bugs concerning nnrp over SSL (INN 2.4.1):

1. man page sasl.conf(5):

   In the key certificate creation example, the parameter "-keyout
   /usr/local/news/lib/cert.pem" should be replaced by -keyout
   /usr/local/news/lib/key.pem".  Also, in addition, the paths should be
   matched with those in the sample sasl.conf.  The chown- and
   chmod-lines should also be adapted.  In a nutshell, a working example
   could be this:

   openssl req -new -x509 -nodes -out /usr/lib/news/lib/cert.pem\
   -days 366 -keyout /usr/lib/news/lib/key.pem
   chown news:news /usr/lib/news/lib/cert.pem
   chmod 640 /usr/lib/news/lib/cert.pem
   chown news:news /usr/lib/news/lib/key.pem
   chmod 600 /usr/lib/news/lib/key.pem

2. Sample /etc/news/sasl.conf:

   Also, the line
   tls_key_file:           /usr/lib/news/lib/cert.pem

   should be replaced by

   tls_key_file:           /usr/lib/news/lib/key.pem

Note that I have close to no experience with setting up SSL encryption.
However, the above flaws just seem obvious to me.

BTW, it would also be nice if there were a little tutorial for setting
up SSL support for INN.  For example, it took me quite some time to
figure out how to set up inetd.  Here's what I currently have in my

# NNTP via SSL
nntps stream tcp nowait news /usr/lib/news/bin/nnrpd /usr/lib/news/bin/nnrpd -S


More information about the inn-bugs mailing list