Readers.conf and auth access

Tue Aug 5 20:53:44 UTC 2003

Hi,

maybe it's a good idea to read carefully the readers.conf
man page (at least twice) :)

Ok, I'll try to explain where you went wrong ... see the
comments inside your mail below...

News Administrator wrote:

>Hi all,
>
>
>i'm trying to setup auth access for INN 2.4 on Linux, but i'm getting errors
>trying to access with authentication. My readers.conf is setup as below:
>
>auth "authusers" {
>        hosts: *
>
Here you match all host which are trying to connect

>        auth: "/usr/lib/news/bin/auth/passwd/ckpasswd -f /etc/news/innauth"
>
Now you are trying to assign identity to the user using
a user/password authentication. This because Inn at the
begining only knows the host name of the connecting
machine but nothing about an user name or password.
Once the user authenticates with a valid pair it will
have an identity assigned with it .F or example for user
name "stefano" and correct password it should have
identity "<stefano at 3000.it>". where the host name is assigned
depending on the host from which the connection was
established.

>        default: "<authusers>"
>
Look here. If your auth: or res: authentication get failed
for the connecting news reader then the "default:"
identity will be assigned. E.g. if you fail to authenticate in
your example you'll automatically be assigned to user
identity "<authusers>"

>}
>
>access "authusers" {
>        users: "<authusers>"
>
And what hapens here. You are permiting access only to user
which fails to authenticate ... but not to the users which are properly
authenticated (like "<stefano at 3000.it>")

Actually instead of

users: "<authusers>"

you need a line like this:

users: "stefano at 3000.it"

or

users: "*@3000.it"

>        read: "*, !junk, !control*, !local*"
>        post: "*"
>
And of course your unathenticated user has read access to near all folder
and post access to all of them.

>}
>
>The strange thing it's that if i try to auth myself i don't get access. If i
>try to connect without authentication i can get full access. Maybe it's a
>
Yes, this is the correct behaviour with the readers.conf you use.

Regards,
Boryan Yotov

>simple mistake in my configuration, but i've tried many configuration
>without success. .... Who can help me?
>
>Thanks and Regards
>
>
>Stefano
>
>--
>Stefano Cislaghi [SC1791-RIPE]
>3000.it News Administrator
>newsadmin at 3000.it
>
>Peering? We're looking for comp.* and news.* peers - Contact us for more
>details
>
>Please reports any abuse to: abuse at 3000.it
>
>
>
>
>  
>