Authentication blues

Russ Allbery rra at
Sat Feb 24 22:48:36 UTC 2001

Zenon Panoussis <oracle at> writes:

> With the following configuration, clients from <localnet> can connect,
> see all newsgroups and read, while clients from anywhere else are asked
> to authenticate themselves. The authentication procedure works fine, but
> then the server replies "no newsgroups".

That's because there's no matching access group for the ckpasswd entry.

> auth "cleared" {
>      hosts:    "*"
>      auth:     "ckpasswd -f /usr/local/news/etc/passwords"
> }

Okay, so the user is going to get set to whatever user the user
authenticates as.

> access "cleared" {
>      users:      "<cleared>"
>      read:       "*"
> }

This matches a user "<cleared>".  So unless someone actually logs on as
the literal user "<cleared>", nothing is going to match this access group.

There are two ways to do this; probably the easiest given your
configuration is to replace both of your access groups with just:

access "okay" {
    users: *
    read: *

since if the connection gets a user string, you want to let them read
everything.  Then you can leave your existing auth groups alone.  (There
are several other ways to solve this same problem.)

Russ Allbery (rra at             <>

More information about the inn-workers mailing list