Ok, I have completely messed my readers.conf file up...

Russ Allbery rra at stanford.edu
Tue Aug 21 01:54:35 UTC 2001


Jeffrey Davis <jeff at xsusio.com> writes:

> I want to be able to allow users with local accounts on my box to
> connect from ANY host as long as they have the correct password.

> With the above setup I get a 502 authentication error from Outlook
> Express.

The following bit is in the ckpasswd man page in CURRENT; I forget if it's
in STABLE:

     -s  Check passwords against the result of getspnam(3) instead of
         getpwnam(3).  This function, on those systems that supports it,
         reads from /etc/shadow or similar more restricted files.  If you
         want to check passwords supplied to nnrpd(8) against system
         account passwords, you will probably have to use this option on
         most systems.

         Most systems require special privileges to call getspnam(3), so
         in order to use this option you may need to make ckpasswd setgid
         to some group (like group "shadow") or even setuid root.
         ckpasswd has not been specifically audited for such uses!  It is,
         however, a very small program that you should be able to check by
         hand for security.

         This configuration is not recommended if it can be avoided, since
         the NNTP protocol has no way of protecting passwords from casual
         interception, and using system passwords to authenticate NNTP
         connections therefore opens you up to the risk of password
         sniffing.  If you do use system passwords to authenticate
         connections, you should seriously consider only doing NNTP
         through ssh tunnels or over SSL.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the inn-workers mailing list