readers.conf question

Bettina Fink laura at hydrophil.de
Thu Mar 1 18:29:03 UTC 2001


Hi,

after finally getting readers.conf doing what I want, there's
a question left: I want access from all hosts, if they authen-
ticate, they can read and post, if not, they can only read
and have no access to several groups.

I've first tried:

auth "all" {
	hosts: *
	auth: "ckpasswd -f /usr/local/news/etc/newsusers"
}

access "fail" {
	read: "*,!some.groups"
}

access "full" {
	users: *
	newsgroups: *
}

As described in the man page (it's nearly the same setup as
the example in the man page, the only difference is that I
used "read" instead of "newsgroups"):

No res: key and no default: key, so all connects first get an
empty identity. An empty identity can't match a users: parameter,
so they fall into the "fail" access group.

But that setup didn't worked. nnrpd insists on "480". I expected
that nnrpd gives "no posting" (read: "*,!some.groups") to all
connects that don't authenticate. But all it says was "480"
(auth required).

So I've played around and changed some things and finally got it
working the way I want:

auth "external" {
        hosts: *
        auth: "ckpasswd -f /usr/local/news/etc/newsusers"
        default: "<fail>"
}

access "full" {
        users: *
        newsgroups: *
}

access "fail" {
        users: "<fail>"
        read: "*,!some.groups"
}

It's nearly the same, I just added a default identity ("<fail>")
and changed the order of the two access groups, because now "users:
"<fail>"" is more specific and must be placed after the "users: *"
access group (last match rule).

So far so nice (except for my headache ;-), but I don't understand
why the first setup didn't worked.

Bye,
Bettina


More information about the inn-workers mailing list