older 2.3 INN ... bug in readers.conf/nnrp?
The Hermit Hacker
scrappy at hub.org
Tue Jun 6 12:09:58 UTC 2000
quick followup to this ... simply commenting out the 'radius auth' section
disabled external access ... did I screw up how I wrote that section? :(
On Tue, 6 Jun 2000, The Hermit Hacker wrote:
>
> Can anyone tell me if there was a security bug, maybe, in an older nnrpd
> along the 2.3 strain? Or, did I screw up this very simple looking
> readers.conf ... I *thought* I had it set so that anyone that had a
> userid/passwd *or* was on the local campus, could connect and everyone
> else was denied by default. Yet, I just found out, this has opened me up
> to anyone reading *and* posting news on our server :(
>
> ## $Revision: 1.1 $
> ## readers.conf -- access file for NNTP readers.
>
> auth "default" {
> # allow authenticated users to read/post everywhere
> hosts: "*"
> default: "local-user at acadiau.ca"
> auth: "radius -f /news/admin/etc/radius.conf"
> default-domain: "acadiau.ca"
> }
> auth "default" {
> hosts: "*.acadiau.ca,131.162.*"
> default: "local-user at acadiau.ca"
> }
> # ordinary users
> access "default" {
> # users can read/post to all but our internal newsgroups.
> users: "*"
> newsgroups: "*"
> access: "Read Post"
> }
>
>
> Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
> Systems Administrator @ hub.org
> primary: scrappy at hub.org secondary: scrappy@{freebsd|postgresql}.org
>
>
>
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy at hub.org secondary: scrappy@{freebsd|postgresql}.org
More information about the inn-workers
mailing list