AUTHINFO SSL Patch

James F. Hranicky jfh at cise.ufl.edu
Fri Apr 20 17:53:41 UTC 2001


"Jeffrey M. Vinocur" <jeff at litech.org> wrote: 
> 
> Hmm.  Would people like having a feature added to nnrpd such that a
> readers.conf access stanza could be tagged in such a way that any user
> matching it would receive an arbitrary error message.  Like this
> ("ssl-required" is the patch I talk about above, "reject" is the new thing
> I'm thinking of):
> 
> auth "foo-plain" {
>   hosts: "10.*"
>   ssl-required: no
>   default: <NEEDSSL>
> }
> 
> auth "foo-ssl" {
>   hosts: "10.*"
>   ssl-required: yes
>   auth: "ckpasswd"
> }
> 
> access "bar" {
>   users: "*"
>   newsgroups: "*"
> }
> access "deny" {
>   users: <NEEDSSL>
>   reject: "Sorry, to connect from your IP you need SSL."
> }
> 
> that would give the functionality you want, I think.

Well, I plan on giving off-site users the ability to read certain
groups and not post, while giving authenticated users full access.

I don't care if the remote users use SSL *unless* then try to send
me their username and password. That's the functionality my patch
gives.

Jim


More information about the inn-workers mailing list