Some questions from a new user

Jeffrey M. Vinocur jeff at litech.org
Fri Jun 28 08:05:07 UTC 2002


On Thu, 27 Jun 2002, Scott Ream wrote:

> I've been monitoring this list for a bit and feel comfortable asking some
> beginner level questions.  I have read a lot of the documentation

I think you're not entirely comfortable with how the news peering 
infrastructure works, but that will come with time.


> 1)  Are there any issues with INN on OpenBSD?  I didn't find any on google
> but I thought it was a good idea to ask.

I can't speak to this ... should be fine, though.


> 2)  Is my proposed hardware setup sufficient?  

*laugh*  You didn't tell us the number of articles per day, but I 
expect it's similarly small.  You would have to try pretty hard to 
find hardware that couldn't handle that.


> 2)  Getnews for securecomp groups from securecomp server and local groups
> from my local dnews server

I don't understand "getnews" -- oh, for INN people usually use 'suck' or 
'newsx'.


> 4)  Change the rdr in my nat router from the dnews box to the inn box
> 
> Will the above work?  Will it be transparent to a users newsreader or will
> they have delete and then add the server in their reader?

The articles numbers will be different, so all of their clients will be 
confused (and they will lose all of the read/unread article markings they 
have made).  You can get around with some effort by:

- set everything up, make sure it works
- wipe out the history and overview for INN and regenerate like new
- turn on xrefslave in inn.conf
- disable incoming articles and posting on the diablo machine briefly
- do something like #3.9 of http://www.eyrie.org/~eagle/faqs/inn.html
- switch the redirect

Then the clients will not notice a change.  The directions in the FAQ I 
mention above won't work as you're not running INN on the source machine; 
you'd need to find an equivalent for Diablo or else use something like 
"suck" or "newsx" for this.


> After I get this setup I would like to 'peer' with the securecomp server for
> the two groups I will be mirroring. What I mean by this is that I will make
> the securecomp groups postable and then my news server will feed to their
> news server.  Are there any issues with this?

Will they go along with this?  If not, it's not a real feed.  (You can do 
a suck feed, although it's not as nice -- and may even violate terms of 
service in some cases.)


> As I said above, I am very interested in the authorization mechanisms used
> by INN.  

Whoa, confusion alert.  When we talk about authentication here, we 
generally mean of newsreader clients to the server.  The mechanisms you 
describe generally have to do with signing of *articles* (and that is 
almost never relevant to INN; an article is just a blob from its point of 
view).


> I have read about using PGP signatures to post to a control group

This is the exception to the "almost" above.


> and I assume that you can set up PGP sig verification to post to any group.

The user can of course sign any article he likes.  You'd have to do some 
work to restrict posting based on that, though.


> I am curious about x509 signatures as well.  I seem to remember that
> Collabra could do this.  Are there any implementations using x509 certs and
> INN?  I would be primarily interested in testing these against a private CA
> we are setting up.

I don't know of any certificates used for user authentication, really.  
There's SSL support in INN, although not for examining the client cert and 
doing authorization based on it.  The only other certificate-like thing I 
know of in actual use is Kerberos.  (I may be unaware of something, 
though.)


-- 
Jeffrey M. Vinocur
jeff at litech.org



More information about the inn-workers mailing list