my distaste for readers.conf grows

Aidan Cully aidan at panix.com
Tue Nov 16 01:07:19 UTC 1999 

On Mon, Nov 15, 1999 at 01:56:01PM, Basil Kruglov said:
> On Mon, Nov 15, 1999 at 11:33:38AM -0800, Paul Theodoropoulos wrote:
> > 
> > I'm finding the readers.conf structure and syntax to be a pain in the arse.
> 
> :( i'm still trying to figure out what 'key:' does, and why my password
> authentication is not working.

Binds an auth {} realm to an access {} realm.  It was to allow people to
create an N to N to N mapping between connecting user, host, and
newsgroups that could be read.  E.g., if you want your staff to be able
to read internal newsgroups, but only from inside your networks, you
could:
auth "outside" {
	hosts: "*"
	auth: "passwd"
}
auth "inside" {
	key: "inside"
	hosts: "*.internal.domain.com"
	auth: "passwd"
	default-domain: "domain.com"
}
access "staff" {
	key: "inside"
	# note the key matches the 'inside' auth realm above.  This is to
	# force only users authenticating with passwords from
	# internal.domain.com to read these newsgroups.
	users: "staffer1, staffer2, staffer3"
	newsgroups: "*"
}
access "everyone" {
	# there's no key, so this access realm will match all auth realms
	# with no keys.
	users: "*"
	newsgroups: "*,!internal.*"
}

If you don't need to worry about this, the 'key' keyword is completely
unnecessary, and you should just forget about it.

> > We have numerous IP blocks, and numerous domains that are connecting. I'm 
> > finding it cumbersome (and confusing) to try to set up the auth and access 
> > stuff for each possible connecting 'realm'. I've no need for any fancy 
> > authentication - I'd really like a nice terse config file like the old 
> > nnrp.access...
> 
> sigh..

I think the perl authenticator that comes with INN will emulate the
old nnrp.access behaviour.

It's beginning to seem to me like the readers.conf has been an
unmitigated disaster, and all the feedback I've seen is making me
wish I'd never implemented it in the first place.  Does *anyone*
(besides me) actually prefer it to the old format?

--aidan
-- 
Aidan Cully       "I saw Judas carryin' the body/ Of John Wilkes Booth..
Not Panix Staff    Down there by the train..."
aidan at panix.com         -Johnny Cash

More information about the inn-workers mailing list