no newsgroups?

Russ Allbery rra at stanford.edu
Thu Apr 18 22:40:58 UTC 2002


Meghan <mwingate at pmc-inc.com> writes:

> Wow!  That worked, thanks!!  I guess I just didn't understand that there
> are two steps to the authentication.

Just to be completely pedantic....  :)

There aren't two steps to authentication.  Rather, readers.conf separates
authentication from authorization (something that I really wish more
systems would do, because it's a fundamentally sounder security design).

The auth blocks in readers.conf assign an identity to a given connection.
This is the authentication phase.  The access blocks then grant privileges
to particular authenticated users.  This is the authorization phase.  If
the user has only been authenticated, that answers the question "who are
you?" but doesn't answer the question "what are you allowed to do?" and
therefore INN doesn't let them do anything at all.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list