readers.conf question

Bettina Fink laura at hydrophil.de
Wed Mar 14 21:25:49 UTC 2001


A little late, but I hadn't time to re-read everything carefully
until today ...

Aidan Cully <aidan at panix.com> wrote:

>> auth "external" {
>>         hosts: *
>>         auth: "ckpasswd -f /usr/local/news/etc/newsusers"
>>         default: "<fail>"
>> }
>> 
>> access "full" {
>>         users: *
>>         newsgroups: *
>> }
>> 
>> access "fail" {
>>         users: "<fail>"
>>         read: "*,!some.groups"
>> }

> [snip]

> Actually, if that is what's going on, I'm not sure that the re-ordering
> would solve your problem anyway, since authenticated users would probably
> also match the second access group...  I dislike <FAIL>-type default
> users in principle, since you could (theoretically) have a user named
> <FAIL> on your system...  Perhaps what's needed is a 'no-user' type
> keyword in the access block?

There is the (theoretical) possibilitity that an authenticated and
valid user named "<fail>" matches the second access group and gets
less access than he should. It's very unlikely, but possible, I agree.

So I have to keep in mind not to name a user "<fail>". :-)

And AFAICS there is no better solution for my setup (if authenticated,
read and post everything, if not authenticated, only read access to
a limited number of groups). Or am I missing anything?

mh, BTW: The latest STABLE snapshot on ftp.isc.org is inn-STABLE-
20010312.tar.gz. Looks like something needs a little kick ...

Bye,
Bettina


More information about the inn-workers mailing list