Readers.conf and auth access

Boryan Yotov Prosyst AG yotov at mail.prosyst.com
Tue Aug 5 21:11:06 UTC 2003


Hi,

Maybe it's a good idea to carefully read the readers.conf
man page (at least twice) :) 

Ok, I'll try to explain where you went wrong ... see the
comments inside your mail below... 

News Administrator wrote: 

>Hi all, 
>
>
>I'm trying to set up auth access for INN 2.4 on Linux, but I'm getting errors
>trying to access with authentication. My readers.conf is set up as below: 
>
>auth "authusers" {
>        hosts: * 
>
Here you match all hosts that are trying to connect. 

>        auth: "/usr/lib/news/bin/auth/passwd/ckpasswd -f /etc/news/innauth" 
>
Now you are trying to assign an identity to the user using
user/password authentication. This is because INN at the
beginning only knows the host name of the connecting
machine but nothing about a user name or password.
Once the user authenticates with a valid pair, it will
have an identity assigned to it. For example, for user
name "stefano" and the correct password it should have the
identity "<stefano at 3000.it>", where the host name is assigned
depending on the host from which the connection was
established. 

>        default: "<authusers>" 
>
Look here. If your auth: or res: authentication fails
for the connecting news reader, then the "default:"
identity will be assigned. E.g. if you fail to authenticate in
your example, you'll automatically be assigned the user
identity "<authusers>". 

>} 
>
>access "authusers" {
>        users: "<authusers>" 
>
And what happens here? You are permitting access only to the user
who fails to authenticate ... but not to the users who are properly
authenticated (like "<stefano at 3000.it>"). 

Actually instead of 

users: "<authusers>" 

you need a line like this: 

users: "stefano at 3000.it" 

or 

users: "*@3000.it" 

>        read: "*, !junk, !control*, !local*"
>        post: "*" 
>
And of course your unauthenticated user has read access to nearly all folders
and post access to all of them. 

>} 
>
>The strange thing is that if I try to auth myself I don't get access. If I
>try to connect without authentication I can get full access. Maybe it's a 
>
Yes, this is the correct behaviour with the readers.conf you use. 

Regards,
Boryan Yotov 

>simple mistake in my configuration, but I've tried many configurations
>without success. ... Who can help me? 
>
>Thanks and Regards 
>
>
>Stefano 
>
>--
>Stefano Cislaghi [SC1791-RIPE]
>3000.it News Administrator
>newsadmin at 3000.it 
>
>Peering? We're looking for comp.* and news.* peers - Contact us for more
>details 
>
>Please report any abuse to: abuse at 3000.it 
>
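
The mismatch the reply walks through, as an added example that is not part of the original mail or of INN: a small Python model that parses the quoted readers.conf and shows which identity reaches the access group before and after changing `users:` to `"*@3000.it"`. It assumes, as the reply describes, that a valid login for "stefano" yields the identity `stefano@3000.it`; the function names are hypothetical, and `fnmatch` only approximates INN's wildmat matching.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the readers.conf quoted in the mail, and the suggested fix.
ORIGINAL = '''
auth "authusers" {
        hosts: *
        auth: "/usr/lib/news/bin/auth/passwd/ckpasswd -f /etc/news/innauth"
        default: "<authusers>"
}
access "authusers" {
        users: "<authusers>"
        read: "*, !junk, !control*, !local*"
        post: "*"
}
'''
FIXED = ORIGINAL.replace('users: "<authusers>"', 'users: "*@3000.it"')

def parse(text):
    """Return [(kind, name, params)] for every auth/access group in the text."""
    groups = []
    for kind, name, body in re.findall(
            r'^(auth|access)\s+"?([^"\s{]+)"?\s*\{(.*?)\}', text, re.S | re.M):
        pairs = (line.split(":", 1) for line in body.splitlines() if ":" in line)
        groups.append((kind, name, {k.strip(): v.strip().strip('"') for k, v in pairs}))
    return groups

def identity(groups, user=None, domain="3000.it"):
    """Assumed model: user@domain after a valid login, otherwise the default: value."""
    auth = next(p for kind, _, p in groups if kind == "auth")
    return f"{user}@{domain}" if user else auth.get("default")

def users_match(params, ident):
    """True if ident matches any users: pattern (fnmatch stands in for wildmat)."""
    return any(fnmatchcase(ident, pat.strip()) for pat in params.get("users", "*").split(","))

def access_for(groups, ident):
    """Params of the last access group whose users: matches ident, or None."""
    hits = [p for kind, _, p in groups if kind == "access" and ident and users_match(p, ident)]
    return hits[-1] if hits else None

def default_identity_exposure(groups):
    """Names of access groups that a default: identity (no login) can reach."""
    defaults = [p["default"] for kind, _, p in groups if kind == "auth" and "default" in p]
    return [n for kind, n, p in groups if kind == "access" and any(users_match(p, d) for d in defaults)]

if __name__ == "__main__":
    for text in (ORIGINAL, FIXED):
        g = parse(text)
        print(access_for(g, identity(g)), access_for(g, identity(g, "stefano")), default_identity_exposure(g))
```

`default_identity_exposure` can be run over a readers.conf as a quick check that no access group is reachable through a `default:` identity alone.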