readers.conf question
Bettina Fink
laura at hydrophil.de
Wed Mar 14 21:25:49 UTC 2001
A little late, but I hadn't time to re-read everything carefully
until today ...
Aidan Cully <aidan at panix.com> wrote:
>> auth "external" {
>> hosts: *
>> auth: "ckpasswd -f /usr/local/news/etc/newsusers"
>> default: "<fail>"
>> }
>>
>> access "full" {
>> users: *
>> newsgroups: *
>> }
>>
>> access "fail" {
>> users: "<fail>"
>> read: "*,!some.groups"
>> }
> [snip]
> Actually, if that is what's going on, I'm not sure that the re-ordering
> would solve your problem anyway, since authenticated users would probably
> also match the second access group... I dislike <FAIL>-type default
> users in principle, since you could (theoretically) have a user named
> <FAIL> on your system... Perhaps what's needed is a 'no-user' type
> keyword in the access block?
There is the (theoretical) possibilitity that an authenticated and
valid user named "<fail>" matches the second access group and gets
less access than he should. It's very unlikely, but possible, I agree.
So I have to keep in mind not to name a user "<fail>". :-)
And AFAICS there is no better solution for my setup (if authenticated,
read and post everything, if not authenticated, only read access to
a limited number of groups). Or am I missing anything?
mh, BTW: The latest STABLE snapshot on ftp.isc.org is inn-STABLE-
20010312.tar.gz. Looks like something needs a little kick ...
Bye,
Bettina
More information about the inn-workers
mailing list