readers.conf question

Russ Allbery rra at stanford.edu
Sat Mar 3 07:38:18 UTC 2001


Bettina Fink <laura at hydrophil.de> writes:

> I think even the absence of an "users:" parameter doesn't catch an
> "empty" identity.

And yup, you're right.

> And BTW, this is the authentication example from the new man page,
> Katsuhiro (?) just added a default identity:

>            auth all {
>                auth: "ckpasswd -d /usr/local/news/db/newsusers"
>                auth: "ckpasswd -s"
>                default: <NOPASSWD>
>            }

>            access fail {
>                newsgroups: !*
>            }

>            access full {
>                users: *
>                newsgroups: *
>            }

> But with a default identity, the "full" access realm matches hosts that
> don't authenticate or fail authentication (they get / keep the default
> identity), and this realm is the last matching realm ...

Right.  I've now changed this to:

    auth all {
        auth: "ckpasswd -d /usr/local/news/db/newsusers"
        auth: "ckpasswd -s"
    }

    access full {
        users: *
        newsgroups: *
    }

which does work as intended and is even shorter.  This works fine for
folks who don't want to provide any access at all to users until they
authenticate.

> And the explanations for the authentication example now is completely
> wrong ...

Should be right now.  I just checked in various fixes to the
documentation.  Thanks very much for pointing out my mistake!

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the inn-workers mailing list