readers.conf: problem with secure connection

Bill Tangren bjt at aa.usno.navy.mil
Wed Mar 16 20:09:53 UTC 2005


Bill Tangren wrote:
> Hello all:
> 
> I have inn 2.4.1 running on my server (which is behind a firewall). I am 
> attempting to set up secure connections through the firewall. This is what 
> I want to do: The newsgroups I have are all local and private. I have no 
> external feeds.
> 
> I want to be able to allow *only* those who have accounts on this server 
> to be able to access these newsgroups from outside the firewall.
> 
> I want to be able to use the user's system username/password for 
> authentication, so that the user doesn't have to keep (i.e. remember) 
> and maintain an additional password.
> 
> Right now, I am testing the system behind the firewall by setting up a 
> test user on another computer and trying to get the inn server to prompt 
> for the username/password, and to check the /etc/passwd file for validation.
> 
> The server, before I started piddling with auth commands, allowed anyone 
> to make a secure connection. Now that I am trying to add authentication, 
> all I get is a wait cursor when I use a newsgroup reader for access.
> 
> This is an example of what I've tried in my readers.conf:
> 
> auth "identified" {
>      auth: "ckpasswd -f /etc/passwd"
>      res: "ident"
>      default: <FAIL>
> }
> 
> What I would like to know is, is what I am trying to do possible?
> 
> Searching through your archives has turned up a few examples (what you 
> see above is one of them), but nothing like what I am trying to do. 
> Could someone point me to a URL with an explanation, or better yet, 
> examples?
> 
> TIA,
> 
> Bill Tangren
> 

I decided to try using telnet to connect to this server. I find that neither

telnet news.server.com 563

nor

ssh -p 563 news.server.com

work. Both time out. So, the problem I seem to be having is that the 
xinetd.d service, given by

service nntps
{
         socket_type     = stream
         protocol        = tcp
         wait            = no
         user            = news
         disable         = no
         server          = /news/bin/nnrpd
         server_args     = -S
}

is not working. I don't understand this, because I am able to use a news 
reader (Thunderbird) to obtain a listing of newsgroups, and to subscribe 
to some of them, when I access the news server through port 563. It is 
when I try to download messages from those groups that the newsreader 
hangs.

I don't know where error messages (if any) are going, so I'm stuck trying 
to debug this.

Any suggestions?

Bill Tangren
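
Added example, not part of the original post: nnrpd started with -S begins TLS negotiation as soon as the connection opens, so a diagnostic client has to complete the TLS handshake before any NNTP text is exchanged. The sketch below does that and records the status code of each step, with a timeout so that a stalled step is named. The function names, the group name and the sample replies are constructed for illustration, and it assumes the server certificate verifies against the local trust store.

```python
import io
import socket
import ssl

# NNTP status codes relevant to this diagnosis.
MEANING = {
    "200": "ok, posting allowed",
    "201": "ok, posting not allowed",
    "211": "group selected",
    "480": "authentication required before this command",
}

def dialogue(rfile, wfile, commands):
    """Read the greeting, then send each command and read one status line.
    Stops at the first timeout or EOF, so the stalled step is the last entry."""
    steps = []
    for cmd in [None, *commands]:
        name = cmd or "<greeting>"
        try:
            if cmd is not None:
                wfile.write(cmd.encode("ascii") + b"\r\n")
                wfile.flush()
            line = rfile.readline()
        except socket.timeout:
            steps.append((name, None, "timed out"))
            break
        if not line:
            steps.append((name, None, "connection closed"))
            break
        text = line.decode("ascii", "replace").strip()
        steps.append((name, text[:3], MEANING.get(text[:3], text)))
    return steps

def probe(host, group, port=563, timeout=10):
    """Negotiate TLS first (implicit TLS, as nnrpd -S expects), then talk NNTP."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        return dialogue(tls.makefile("rb"), tls.makefile("wb"),
                        ["MODE READER", f"GROUP {group}"])

if __name__ == "__main__":
    # Constructed server replies standing in for a live session.
    replies = io.BytesIO(b"200 news.example.invalid ready\r\n"
                         b"200 reader mode\r\n480 Authentication required\r\n")
    for step in dialogue(replies, io.BytesIO(), ["MODE READER", "GROUP local.test"]):
        print(step)
```

Against a live server, call probe() with the host name and one of the local groups; a 480 on GROUP means the server is asking for credentials at that step, while a "timed out" entry shows which step never got a reply.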


More information about the inn-workers mailing list