ckpasswd

Jeffrey M. Vinocur jeff at litech.org
Tue Nov 15 03:10:10 UTC 2005


On Nov 14, 2005, at 10:02 AM, TungHuang Lu wrote:

> auth default {
>   hosts: *
>   default: <RESTRICT>
> }
> access default {
>   users: <RESTRICT>
>   newsgroups: "*, !GroupA"
> !control*, !junk"
> }
>
> auth authuser {
>   hosts: *
>   auth: "ckpasswd -f /path/innpasswd"
>   default: <FULL>
> }
>
> access authuser {
>   users: <FULL>
>   newsgroups: "*, !control*, !junk"
> }
>
> My idea is restrict access of groupA only for autenticated
> users. But when I was trying to made a subscription using
> Mozilla Thunderbird I can access all of groups even without
> any autentication. So, I think that ckpasswd is buged.

There's nothing wrong with ckpasswd.  Your readers.conf is incorrect,  
though.  It's confusing, so read the documentation carefully.

All connections will use the "authuser" auth block.  The "default"  
authblock will never be used.

And the default: identity is used only when ckpasswd is -not- being  
used to assign an identity.

Therefore all of your users get an identity of <FULL> before they  
authenticate, and some other identity (their usernames) after they  
authenticate.

Try this:

auth all {
   hosts: *
   auth: "ckpasswd -f /path/innpasswd"
   default: <RESTRICT>
}

access authuser {
   users: "*,!<RESTRICT>"
   newsgroups: "*, !control*, !junk
}

access default {
   users: "<RESTRICT>"
   newsgroups: "*, !GroupA, !control*, !junk"
}



-- 
Jeffrey M. Vinocur
jeff at litech.org




More information about the inn-bugs mailing list