Readers.conf and auth access

Boryan Yotov Prosyst AG yotov at
Tue Aug 5 21:11:06 UTC 2003


maybe it's a good idea to read carefully the readers.conf
man page (at least twice) :) 

Ok, I'll try to explain where you went wrong ... see the
comments inside your mail below... 

News Administrator wrote: 

>Hi all, 
>i'm trying to setup auth access for INN 2.4 on Linux, but i'm getting errors
>trying to access with authentication. My readers.conf is setup as below: 
>auth "authusers" {
>        hosts: * 
Here you match all host which are trying to connect 

>        auth: "/usr/lib/news/bin/auth/passwd/ckpasswd -f /etc/news/innauth" 
Now you are trying to assign identity to the user using
a user/password authentication. This because Inn at the
begining only knows the host name of the connecting
machine but nothing about an user name or password.
Once the user authenticates with a valid pair it will
have an identity assigned with it .F or example for user
name "stefano" and correct password it should have
identity "<stefano at>". where the host name is assigned
depending on the host from which the connection was

>        default: "<authusers>" 
Look here. If your auth: or res: authentication get failed
for the connecting news reader then the "default:"
identity will be assigned. E.g. if you fail to authenticate in
your example you'll automatically be assigned to user
identity "<authusers>" 

>access "authusers" {
>        users: "<authusers>" 
And what hapens here. You are permiting access only to user
which fails to authenticate ... but not to the users which are properly
authenticated (like "<stefano at>") 

Actually instead of 

users: "<authusers>" 

you need a line like this: 

users: "stefano at" 


users: "*" 

>        read: "*, !junk, !control*, !local*"
>        post: "*" 
And of course your unathenticated user has read access to near all folder
and post access to all of them. 

>The strange thing it's that if i try to auth myself i don't get access. If i
>try to connect without authentication i can get full access. Maybe it's a 
Yes, this is the correct behaviour with the readers.conf you use. 

Boryan Yotov 

>simple mistake in my configuration, but i've tried many configuration
>without success. .... Who can help me? 
>Thanks and Regards 
>Stefano Cislaghi [SC1791-RIPE]
> News Administrator
>newsadmin at 
>Peering? We're looking for comp.* and news.* peers - Contact us for more
>Please reports any abuse to: abuse at 

More information about the inn-workers mailing list