Authentication ?

graeme+inn-workers at mathie.cx graeme+inn-workers at mathie.cx
Thu Jul 26 07:15:29 UTC 2001


On Wed, Jul 25, 2001 at 01:38:49PM -0500, qdivya1 at avnika.corp.mot.com wrote:
> 
> I am interested in exploring two items:
> 
> (1) Authenticating users against LDAP, and

This works, using pamckpasswd and pam_ldap.

> (2) Authorizing their access into Newsgroups based upon their membership
> in a group ..

Could you explain what you mean by this?  If you mean that only users in
a particular group (say group 'reader') can login to the news server,
then that is trivial.  Your nnrpd PAM configuration would like something
along the lines of:

nnrpd   auth    requisite    pam_nologin.so
nnrpd   auth    required     pam_wheel.so group=reader
nnrpd   auth    required     pam_ldap.so

If instead you're looking for particular groups to have access to
particular hierarchies, a bit of hacking would be involved.  It would
be possible to have an authenticator which returns both a user and a
group[1].  That would require modifying nnrpd/perm.c to grok the newly
returned field.

It would then be possible to have access stanza which allows access to
hierarchies based on group.  Hrm, seeing as I'm planning on working on
code in that general area this weekend, I may look at implementing that
as a first step.

Of course, it's then getting to the stage that the authenticator may as
well return a Newsgroups: line which lists the newsgroups that a user
can access...

[1] Possibly a list of groups.
-- 
graeme+sig at mathie.cx                          http://www.mathie.cx/~graeme/


More information about the inn-workers mailing list