Authentication blues
Russ Allbery
rra at stanford.edu
Sat Feb 24 22:48:36 UTC 2001
Zenon Panoussis <oracle at xs4all.nl> writes:
> With the following configuration, clients from <localnet> can connect,
> see all newsgroups and read, while clients from anywhere else are asked
> to authenticate themselves. The authentication procedure works fine, but
> then the server replies "no newsgroups".
That's because there's no matching access group for the ckpasswd entry.
> auth "cleared" {
> hosts: "*"
> auth: "ckpasswd -f /usr/local/news/etc/passwords"
> }
Okay, so the user is going to get set to whatever user the user
authenticates as.
> access "cleared" {
> users: "<cleared>"
> read: "*"
> }
This matches a user "<cleared>". So unless someone actually logs on as
the literal user "<cleared>", nothing is going to match this access group.
There are two ways to do this; probably the easiest given your
configuration is to replace both of your access groups with just:
access "okay" {
users: *
read: *
}
since if the connection gets a user string, you want to let them read
everything. Then you can leave your existing auth groups alone. (There
are several other ways to solve this same problem.)
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list