bug in nnrpd password?

Usenet News Administrator news at agate.berkeley.edu
Tue Apr 11 04:00:26 UTC 2000


I am working on a home-grown handler to allow Kerberos proxy
authentication in nnrpd (inn 2.3-current as of about a week ago).  It
appears that when nnrpd hands off the password (or passphrase) via stdin
to the handler, it truncates the password if it contains spaces.  For
example, in the process of debugging, I had the handler print out all of
the info it was getting from nnrpd.  If I tried to log in as user usenet
and a passphrase like "No news is good news!", I got the following:

ClientHost: hostname.berkeley.edu
ClientIP: <the correct ip address>
LocalIP: <the correct ip address>
LocalPort: 563
ClientAuthname: usenet
ClientPassword: No

Note that the passphrase gets truncated at the first space.  Since spaces
are significant in Kerberos passphrases (and some unix passwords), this
limits who can authenticate.

I haven't even begun to look at the nnrpd source code, so I don't even
know where to start in terms of patching.  I am copping out and sending a
bug report (sorry!).

Also, is it better to be writing this to be invoked from readers.conf, as
I am currently doing, or is nnrpdperlauth a better way to go?  (I do like
the ability of the nnrpdperlauth mechanism to have the perl program
specify the nntp response code given to the user, but it looks like
nnrpdperlauth is going to be replaced by or merged into readers.conf.)


Michael Sinatra			usenet at agate.berkeley.edu
Usenet News Admin		IST - Communication & Network Svcs.
             University of California, Berkeley

More information about the inn-workers mailing list