Ok, I have completely messed my readers.conf file up...
Russ Allbery
rra at stanford.edu
Tue Aug 21 01:54:35 UTC 2001
Jeffrey Davis <jeff at xsusio.com> writes:
> I want to be able to allow users with local accounts on my box to
> connect from ANY host as long as they have the correct password.
> With the above setup I get a 502 authentication error from Outlook
> Express.
The following bit is in the ckpasswd man page in CURRENT; I forget if it's
in STABLE:
-s Check passwords against the result of getspnam(3) instead of
getpwnam(3). This function, on those systems that supports it,
reads from /etc/shadow or similar more restricted files. If you
want to check passwords supplied to nnrpd(8) against system
account passwords, you will probably have to use this option on
most systems.
Most systems require special privileges to call getspnam(3), so
in order to use this option you may need to make ckpasswd setgid
to some group (like group "shadow") or even setuid root.
ckpasswd has not been specifically audited for such uses! It is,
however, a very small program that you should be able to check by
hand for security.
This configuration is not recommended if it can be avoided, since
the NNTP protocol has no way of protecting passwords from casual
interception, and using system passwords to authenticate NNTP
connections therefore opens you up to the risk of password
sniffing. If you do use system passwords to authenticate
connections, you should seriously consider only doing NNTP
through ssh tunnels or over SSL.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list