Russ Allbery rra at
Sat Feb 1 23:52:14 UTC 2003

Owen Jacobson <ojacobson.innd at> writes:

> The change you suggested has simply made the 'private' groups
> publicly-visible.  readers.conf now looks like:

> auth "ue-staff" {
> hosts: *
> auth: "ckpasswd -s"
> default: "<ue-staff>"
> }

Oh, I didn't notice this before... this isn't doing what you expect.  The
default is what happens when the person *doesn't* authenticate.  So if the
user connects from any host and *doesn't* authenticate, they get assigned
the identity of <ue-staff>

> auth "world" {
> hosts: *
> default: "<world>"
> }

You don't actually want two auth groups.  What you want is this:

auth "all" {
    hosts: *
    auth: "ckpasswd -s"
    default: <world>

In other words, any connection gets assigned the default identity of
<world> and only gets an actual identity if they send AUTHINFO commands
and ckpasswd -s succeeds.

access "ue-groups" {
    users: *,!<world>
    newsgroups: ue.*

All users except <world> get access to all of ue.*.

access "pub" {
    users: <world>

And the <world> user only gets access to*.

You can leave off the access lines, as they're the default.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.

More information about the inn-workers mailing list