Authentication ?
graeme+inn-workers at mathie.cx
graeme+inn-workers at mathie.cx
Thu Jul 26 07:15:29 UTC 2001
On Wed, Jul 25, 2001 at 01:38:49PM -0500, qdivya1 at avnika.corp.mot.com wrote:
>
> I am interested in exploring two items:
>
> (1) Authenticating users against LDAP, and
This works, using pamckpasswd and pam_ldap.
> (2) Authorizing their access into Newsgroups based upon their membership
> in a group ..
Could you explain what you mean by this? If you mean that only users in
a particular group (say group 'reader') can login to the news server,
then that is trivial. Your nnrpd PAM configuration would like something
along the lines of:
nnrpd auth requisite pam_nologin.so
nnrpd auth required pam_wheel.so group=reader
nnrpd auth required pam_ldap.so
If instead you're looking for particular groups to have access to
particular hierarchies, a bit of hacking would be involved. It would
be possible to have an authenticator which returns both a user and a
group[1]. That would require modifying nnrpd/perm.c to grok the newly
returned field.
It would then be possible to have access stanza which allows access to
hierarchies based on group. Hrm, seeing as I'm planning on working on
code in that general area this weekend, I may look at implementing that
as a first step.
Of course, it's then getting to the stage that the authenticator may as
well return a Newsgroups: line which lists the newsgroups that a user
can access...
[1] Possibly a list of groups.
--
graeme+sig at mathie.cx http://www.mathie.cx/~graeme/
More information about the inn-workers
mailing list