INN/NNRPD Authentication for individual newsgroup access
Thomas Rother
t.rother at gaia.de
Tue Oct 19 07:09:09 UTC 1999
Hi,
I have a question concerning our current work on some authentification
mode for NNTP access to closed newsgroups. We want to use INN 2.2 or
2.3 for this and I need some hints fron inn developers how to go
further, as I could not get any clear answers in news.software.nntp.
We are running a mail server in our network which includes a user
database. On the same machine, we have a non-nntp newsserver which
grants "fine-tuned" read access to certain internal (closed) newsgroups.
We want to transfer these newsgroup-access rights from the user database
into the INN (nnrpd) on the fly. That means the following:
1) a user connects to INN/nnrpd with a login name and password. An
authentication request is made: login name and password are checked
against our external user database.
2) a C program reads the user database on the other machine and returns
a data stream to nnrpd
3) This program not only returns a yes/no decision on the overall access
to INN but a detailed list of access rights, such as this:
*,z-netz.wichtig,!sys.*,!solinet.*,solinet.*,!soc.feminism,!server.*,!sekg.*,!sekg.sekg_ag.*,!hrnet.*,hrnet.*,!gp.*
(see access realm in readers.conf with the "newsgroups:" keyword).
4) nnrpd grants or denies read/write access to those groups which are
NOT excluded here
The trick is that every user gets his "personal" newsgroups tree, based
on the unique access rights whch are listed in the user database.
Step 1) and 2) are already done, step 3) is nearly solved. But we need
to feed those data into nnrpd so that it can handle individual access
rights.
I understand that plain authentication through externals programs is
already solved and done through the auth directive in readers.conf. But
I can not see a way (at least no obvious one ;-) ) to include newsgroup
access rights into an authentification process.
Questions:
-- How can such authentification be implemented?
-- Is it possible with inn 2.2 or 2.3 (I looked at the snapshots for
2.3)?
-- Do we need some "nnrpd hacking" and has anyone done a similar
approach before?
If it works, we will provide our patches to INN ;-).
Greetings, Thomas
GAIA e.V. Stuttgart/Germany
http://www.gaia.de
More information about the inn-patches
mailing list