INN commit: trunk/doc/pod (4 files)

INN Commit Russ_Allbery at isc.org
Thu Mar 20 16:24:00 UTC 2008


    Date: Thursday, March 20, 2008 @ 09:24:00
  Author: iulius
Revision: 7714

Clarify the use of NNTPS (563) and NNTP (119) with STARTTLS.

Modified:
  trunk/doc/pod/checklist.pod
  trunk/doc/pod/install.pod
  trunk/doc/pod/nnrpd.pod
  trunk/doc/pod/readers.conf.pod

------------------+
 checklist.pod    |    6 +++++-
 install.pod      |   10 +++++++---
 nnrpd.pod        |   13 ++++++++-----
 readers.conf.pod |    3 ++-
 4 files changed, 22 insertions(+), 10 deletions(-)

Modified: checklist.pod
===================================================================
--- checklist.pod	2008-03-20 14:26:12 UTC (rev 7713)
+++ checklist.pod	2008-03-20 16:24:00 UTC (rev 7714)
@@ -316,10 +316,14 @@
 F<readers.conf> file or use two different files (for instance F<readers.conf>
 and F<readers-ssl.conf>).  The syntax is similar for both these files.
 You then need to start a second B<nnrpd> to listen to these connections
-and put something like that in your init scripts:
+to NNTPS port 563 and put something like that in your init scripts:
 
     su news -c '~news/bin/nnrpd -D -c ~news/etc/readers-ssl.conf -p 563 -S'
 
+Note that a news client which supports the STARTTLS command can also
+use the conventional NNTP port 119 to initiate a TLS connection.  However,
+such clients are not widespread yet.
+
 =back
 
 =cut
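
Review bot: The added STARTTLS note (the three + lines before =back) tells the reader that port 119 can carry TLS but not that a session on 119 stays in cleartext until the client actually issues STARTTLS, so an admin who relies on it instead of the 563 listener has no hint that TLS must be enforced in the access configuration. Suggest one more sentence pointing at the require_ssl: parameter that the readers.conf.pod hunk of this commit mentions. Wording nits in the changed line: "listen to these connections to NNTPS port 563" would read better as "listen for these connections on NNTPS port 563", and "something like that" as "something like this".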

Modified: install.pod
===================================================================
--- install.pod	2008-03-20 14:26:12 UTC (rev 7713)
+++ install.pod	2008-03-20 16:24:00 UTC (rev 7714)
@@ -1554,16 +1554,20 @@
 for people using System V-style init.d directories.
 
 If you wish to use TLS/SSL for your readers, you need to start a second
-B<nnrpd> to listen to these connections and put something like that in
-your init scripts:
+B<nnrpd> to listen to these connections to NNTPS port 563 and put something
+like that in your init scripts:
 
     su news -c '/usr/local/news/bin/nnrpd -D -c /usr/local/news/etc/readers-ssl.conf -p 563 -S'
 
 where F<readers-ssl.conf> is the file which indicates whether a given
 connection is allowed to read and post news (you can also use the
 previously created F<readers.conf> file to handle TLS/SSL connections).
-In the shut down section of the init script, you can put:
+Note that a news client which supports the STARTTLS command can also
+use the conventional NNTP port 119 to initiate a TLS connection.  However,
+such clients are not widespread yet.
 
+In the shutdown section of the init script, you can put:
+
     su news -c 'killall nnrpd'
 
 =head1 Processing Newsgroup Control Messages
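
Review bot: The STARTTLS note is attached directly to the end of the paragraph that starts "where F<readers-ssl.conf> is the file which indicates", so it reads as a continuation of the explanation of the -c argument; in checklist.pod the same three lines are set off as their own paragraph. Suggest a blank line before "Note that a news client which supports the STARTTLS command" here as well. Since the note is now duplicated verbatim in two files, consider keeping the full text in one place and cross-referencing it from the other so the "not widespread yet" statement only has to be updated once.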

Modified: nnrpd.pod
===================================================================
--- nnrpd.pod	2008-03-20 14:26:12 UTC (rev 7713)
+++ nnrpd.pod	2008-03-20 16:24:00 UTC (rev 7714)
@@ -197,14 +197,17 @@
 for connections to that port and then spawn B<nnrpd> the way that it does
 for regular reader connections.  You will therefore need to arrange for
 B<nnrpd> to listen on that port through some other means.  This can be
-done with the B<-D> flag (and C<-P 563>), but the easiest way is probably
-to add a line like:
+done with the B<-D> flag (and C<-p 563>) and put into your init scripts:
 
-    nntps stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -S
+    su news -c '<pathbin>/nnrpd -D -p 563 -S'
 
+but the easiest way is probably to add a line like:
+
+    nntps stream tcp nowait news <pathbin>/nnrpd nnrpd -S
+
 to F</etc/inetd.conf> or the equivalent on your system and let B<inetd>
-run B<nnrpd>.  (Change the path to B<nnrpd> to match your installation if
-needed.)  You may need to replace C<nntps> with C<563> if C<nntps> isn't
+run B<nnrpd>.  (Change the path to B<nnrpd> to match your installation.)
+You may need to replace C<nntps> with C<563> if C<nntps> isn't
 defined in F</etc/services> on your system.
 
 =head1 PROTOCOL DIFFERENCES
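
Review bot: The rewritten sentence "This can be done with the B<-D> flag (and C<-p 563>) and put into your init scripts:" no longer parses, because "put" has no subject; something like "This can be done with the B<-D> flag (and C<-p 563>), by putting into your init scripts:" would fix it. The <pathbin> placeholder now appears in both verbatim lines, but the parenthetical "(Change the path to B<nnrpd> to match your installation.)" only follows the inetd line and does not say that <pathbin> is a placeholder, so a reader copying the su line gets no cue to substitute it. The su example here also omits the -c readers-ssl.conf argument shown in checklist.pod and install.pod; worth a word on whether that is intentional.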

Modified: readers.conf.pod
===================================================================
--- readers.conf.pod	2008-03-20 14:26:12 UTC (rev 7713)
+++ readers.conf.pod	2008-03-20 16:24:00 UTC (rev 7714)
@@ -795,7 +795,8 @@
 =item *
 
 Consider running a C<nnrpd -S> (with C<-D>, or out of "super-server"
-like inetd) on the nntps port (563) for clients that support SSL.  You
+like B<inetd>) on the NNTPS port (563) for clients that support SSL.  See
+nnrpd(8) for more details about how to configure that.  You
 can use the require_ssl: parameter, or C<-c> to specify an alternate
 F<readers.conf> if you want a substantially different configuration for
 this case.
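
Review bot: This bullet is the one place in the commit that names require_ssl:, yet it still only covers the dedicated NNTPS port, while the other three files now also describe STARTTLS on port 119. Please state here whether require_ssl: is satisfied by a session upgraded with STARTTLS on 119, since that decides whether an admin can enforce encryption without running the second nnrpd. Minor: the context line still says "clients that support SSL" while install.pod uses "TLS/SSL", and the added lines leave a short trailing "You" that could be rewrapped into the next line.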


