Authentication of readers

Julien Lajeunesse julien.lajeunesse at hermes.usherb.ca
Mon May 8 17:19:57 UTC 2000 

Hi everybody,

I just subscribed to the mailing-list, and this is the first time I
setup an INN server, so I guess that somehow this is a newbie question
;-). Everything went well for the installation, my problem is really
just a detail so everything can work nicely. So far I read all that I
found on the Internet (which is not so much, in fact... is it just me or
there's not much online documentation for INN?), but it usually deals
more with troubleshooting newsfeed and the such, which I don't need/want
to do. The server I installed is a private newsgroup server so people in
the company can post and read (mainly for developpers and project
managers).

I want to set up some kind of authentication mecanism so only people who
have an account can access the newsserver. I did this with
/etc/news/nnrp.access, in which I listed every users I wanted to be able
to access the news server with a password, like this:

*:RP:username1:password:local.dev.*
*:RP:username2:password:local.management.*
etc.

The newsserver is accessible from anywhere, for example some people work
at home, other in various offices, other on the road, so I cannot set up
access rules based on domain names or IP addresses since they can be
almost anything. I don't mind adding or removing a user by hand, since
the company is small enough (anyway I can just cat /etc/passwd | awk ...
to automatically get an updated list of my users, does anybody sees a
security flaw with that?), but I would like the password management to
be done automagically.

Now, I read in the nnrp.access manpage that if I put a + instead of the
password, the password will be passed to crypt and then matched against
the /etc/passwd file or whatever file is used to authenticate users on
my system. This would be perfect! So if someone changes his/her
password, the news password is also "changed". But... it doesn't work.
If I put a line like

*:RP:username1(which exists on the system):+:local.*

in my nnrp.access, and then I try to login with username1 and its
password, it doesn't work. I tried username1 and + as the password, and
it logged me on!! So is this feature supposed to work? Is there another
(or a better) way to do this?

By the way I am running Linux, Mandrake 6.something and RedHat 6.1 also.

Many thanks in advance,

Julien Lajeunesse

More information about the inn-workers mailing list