Trying to do authentication with htpasswd file

Lisa Ungar lungar at
Thu Mar 31 19:34:45 UTC 2005

I did some testing and decided to set this up on a 2.4.1 INN machine to 
rule out earlier version problems.

There is no space in the password itself.

At first the news reader client (Mozilla 1.7  on AIX) just displays a 
blank screen with no newsgroups.  It didn't prompt me to login when I 
requested newsgroups. 

Next, I setup in news reader client  properties to force authentication 
every time it connects.

The news.notice file now says:

Mar 31 14:17:45 w3forums1b nnrpd[28624]: 
Mar 31 14:17:59 w3forums1b nnrpd[28624]: bad_hook 
program caught signal 15
Mar 31 14:17:59 w3forums1b nnrpd[28624]: bad_auth
Mar 31 14:17:59 w3forums1b nnrpd[28624]: times 
user 0.0
10 system 0.000 idle 0.005 elapsed 13.748
Mar 31 14:17:59 w3forums1b nnrpd[28624]: time 
13750 idl
e 13730(3) nntpwrite 0(7)

Any ideas?



"Jeffrey M.Vinocur" <jeff at> 
Sent by: inn-workers-bounce at
03/25/2005 09:04 PM

"'inn-workers at' (E-mail)" <inn-workers at>

Re: Trying to do authentication with htpasswd file

On Mar 25, 2005, at 2:38 PM, Lisa Ungar wrote:

> auth "forumslogin" {
>    hosts: ""
>    auth:  "/usr/local/news/bin/auth/passwd/ckpasswd -f
> /usr/local/news/w3appusers"
>    default: "<FAIL>"
> }

(You don't need the full path to ckpasswd, by the way.)

> The ckpasswd command works when I do the echo test,

By this you mean manually generating ClientAuthname/ClientPassword as 
input?  If so, then there's nothing wrong with your password file 
"w3appusers" itself or the way you generate it -- presumably htpasswd 
generates crypted (and not MD5) passwords by default on your system.

(For future reference, recent versions of ckpasswd have -u and -p flags 
that make testing much easier.)

> [...] from my  News client it says bad_auth inside my news.notice file.

No other details in news.notice...hmm...does your password have a space 
in it, by any chance?

> Should I add the res: ident  information to the readers.conf stanzas?

Definitely not.  That should only be used by people who already have 
identd widely implemented on their networks -- if your users are 
connecting from unix machines that are centrally administered, you 
might fall in this category, but you'd want to talk to the people who 
manage your user database / remote authentication stuff to find out if 
identd is available to you.

Jeffrey M. Vinocur
jeff at

More information about the inn-workers mailing list