INN commit: trunk/doc/pod (4 files)
INN Commit
Russ_Allbery at isc.org
Thu Mar 20 16:24:00 UTC 2008
Date: Thursday, March 20, 2008 @ 09:24:00
Author: iulius
Revision: 7714
Clarify the use of NNTPS (563) and NNTP (119) with STARTTLS.
Modified:
trunk/doc/pod/checklist.pod
trunk/doc/pod/install.pod
trunk/doc/pod/nnrpd.pod
trunk/doc/pod/readers.conf.pod
------------------+
checklist.pod | 6 +++++-
install.pod | 10 +++++++---
nnrpd.pod | 13 ++++++++-----
readers.conf.pod | 3 ++-
4 files changed, 22 insertions(+), 10 deletions(-)
Modified: checklist.pod
===================================================================
--- checklist.pod 2008-03-20 14:26:12 UTC (rev 7713)
+++ checklist.pod 2008-03-20 16:24:00 UTC (rev 7714)
@@ -316,10 +316,14 @@
F<readers.conf> file or use two different files (for instance F<readers.conf>
and F<readers-ssl.conf>). The syntax is similar for both these files.
You then need to start a second B<nnrpd> to listen to these connections
-and put something like that in your init scripts:
+to NNTPS port 563 and put something like that in your init scripts:
su news -c '~news/bin/nnrpd -D -c ~news/etc/readers-ssl.conf -p 563 -S'
+Note that a news client which supports the STARTTLS command can also
+use the conventional NNTP port 119 to initiate a TLS connection. However,
+such clients are not widespread yet.
+
=back
=cut
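Review bot: The added note at "a news client which supports the STARTTLS command can also use the conventional NNTP port 119" does not say what happens when the client never sends STARTTLS. The session on port 119 then stays unencrypted, so an administrator could read this paragraph as making 119 equivalent to the B<nnrpd -S> listener on 563. Suggest one more sentence stating that encryption on 119 depends on the client issuing STARTTLS, with a pointer to the require_ssl: parameter that readers.conf.pod mentions. Minor: "something like that" in the changed line above the command reads better as "something like this".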
Modified: install.pod
===================================================================
--- install.pod 2008-03-20 14:26:12 UTC (rev 7713)
+++ install.pod 2008-03-20 16:24:00 UTC (rev 7714)
@@ -1554,16 +1554,20 @@
for people using System V-style init.d directories.
If you wish to use TLS/SSL for your readers, you need to start a second
-B<nnrpd> to listen to these connections and put something like that in
-your init scripts:
+B<nnrpd> to listen to these connections to NNTPS port 563 and put something
+like that in your init scripts:
su news -c '/usr/local/news/bin/nnrpd -D -c /usr/local/news/etc/readers-ssl.conf -p 563 -S'
where F<readers-ssl.conf> is the file which indicates whether a given
connection is allowed to read and post news (you can also use the
previously created F<readers.conf> file to handle TLS/SSL connections).
-In the shut down section of the init script, you can put:
+Note that a news client which supports the STARTTLS command can also
+use the conventional NNTP port 119 to initiate a TLS connection. However,
+such clients are not widespread yet.
+In the shutdown section of the init script, you can put:
+
su news -c 'killall nnrpd'
=head1 Processing Newsgroup Control Messages
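Review bot: The three-line STARTTLS note added before "In the shutdown section" is a verbatim copy of the one added to checklist.pod, and its last sentence, "such clients are not widespread yet", is a time-bound claim that will now go stale in two places. Suggest keeping the full explanation in one page (nnrpd.pod is where readers.conf.pod now sends readers) and referring to it from here. In the first changed paragraph, "listen to these connections to NNTPS port 563" would be clearer as "listen for these connections on NNTPS port 563".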
Modified: nnrpd.pod
===================================================================
--- nnrpd.pod 2008-03-20 14:26:12 UTC (rev 7713)
+++ nnrpd.pod 2008-03-20 16:24:00 UTC (rev 7714)
@@ -197,14 +197,17 @@
for connections to that port and then spawn B<nnrpd> the way that it does
for regular reader connections. You will therefore need to arrange for
B<nnrpd> to listen on that port through some other means. This can be
-done with the B<-D> flag (and C<-P 563>), but the easiest way is probably
-to add a line like:
+done with the B<-D> flag (and C<-p 563>) and put into your init scripts:
- nntps stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -S
+ su news -c '<pathbin>/nnrpd -D -p 563 -S'
+but the easiest way is probably to add a line like:
+
+ nntps stream tcp nowait news <pathbin>/nnrpd nnrpd -S
+
to F</etc/inetd.conf> or the equivalent on your system and let B<inetd>
-run B<nnrpd>. (Change the path to B<nnrpd> to match your installation if
-needed.) You may need to replace C<nntps> with C<563> if C<nntps> isn't
+run B<nnrpd>. (Change the path to B<nnrpd> to match your installation.)
+You may need to replace C<nntps> with C<563> if C<nntps> isn't
defined in F</etc/services> on your system.
=head1 PROTOCOL DIFFERENCES
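Review bot: The new sentence "done with the B<-D> flag (and C<-p 563>) and put into your init scripts:" does not parse, because "can be done with" and "put into" share no subject; something like "This can be done with the B<-D> flag (and C<-p 563>), for instance from your init scripts:" would work. The <pathbin> placeholder now appears in both examples, but the parenthetical telling the reader to change the path comes only after the inetd line, so it should move up or say that it covers both commands. The change from C<-P 563> to C<-p 563> agrees with the -p 563 used in the checklist.pod and install.pod examples.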
Modified: readers.conf.pod
===================================================================
--- readers.conf.pod 2008-03-20 14:26:12 UTC (rev 7713)
+++ readers.conf.pod 2008-03-20 16:24:00 UTC (rev 7714)
@@ -795,7 +795,8 @@
=item *
Consider running a C<nnrpd -S> (with C<-D>, or out of "super-server"
-like inetd) on the nntps port (563) for clients that support SSL. You
+like B<inetd>) on the NNTPS port (563) for clients that support SSL. See
+nnrpd(8) for more details about how to configure that. You
can use the require_ssl: parameter, or C<-c> to specify an alternate
F<readers.conf> if you want a substantially different configuration for
this case.
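Review bot: The reworded item still recommends only "the NNTPS port (563) for clients that support SSL", while checklist.pod and install.pod in this same commit tell administrators that STARTTLS on port 119 is also possible. Since this is the page that documents require_ssl:, it should say whether that parameter also applies to sessions upgraded with STARTTLS; otherwise the reader is left guessing how to restrict access on port 119. Minor: "out of "super-server" like B<inetd>" is missing an article ("out of a super-server like B<inetd>"), and this line says "SSL" where install.pod says "TLS/SSL".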