Trying to do authentication with htpasswd file

Lisa Ungar lungar at us.ibm.com
Thu Mar 31 19:34:45 UTC 2005 

Hi,
I did some testing and decided to set this up on a 2.4.1 INN machine to 
rule out earlier version problems.

There is no space in the password itself.

At first the news reader client (Mozilla 1.7  on AIX) just displays a 
blank screen with no newsgroups.  It didn't prompt me to login when I 
requested newsgroups. 

Next, I setup in news reader client  properties to force authentication 
every time it connects.

The news.notice file now says:

Mar 31 14:17:45 w3forums1b nnrpd[28624]: techstudy.watson.ibm.com 
(9.2.168.142)
connect
Mar 31 14:17:59 w3forums1b nnrpd[28624]: techstudy.watson.ibm.com bad_hook 
program caught signal 15
Mar 31 14:17:59 w3forums1b nnrpd[28624]: techstudy.watson.ibm.com bad_auth
Mar 31 14:17:59 w3forums1b nnrpd[28624]: techstudy.watson.ibm.com times 
user 0.0
10 system 0.000 idle 0.005 elapsed 13.748
Mar 31 14:17:59 w3forums1b nnrpd[28624]: techstudy.watson.ibm.com time 
13750 idl
e 13730(3) nntpwrite 0(7)

Any ideas?

Thanks,

Lisa




"Jeffrey M.Vinocur" <jeff at litech.org> 
Sent by: inn-workers-bounce at isc.org
03/25/2005 09:04 PM

To
"'inn-workers at isc.org' (E-mail)" <inn-workers at isc.org>
cc

Subject
Re: Trying to do authentication with htpasswd file






On Mar 25, 2005, at 2:38 PM, Lisa Ungar wrote:

> auth "forumslogin" {
>    hosts: "techstudy.watson.ibm.com"
>    auth:  "/usr/local/news/bin/auth/passwd/ckpasswd -f
> /usr/local/news/w3appusers"
>    default: "<FAIL>"
> }

(You don't need the full path to ckpasswd, by the way.)


> The ckpasswd command works when I do the echo test,

By this you mean manually generating ClientAuthname/ClientPassword as 
input?  If so, then there's nothing wrong with your password file 
"w3appusers" itself or the way you generate it -- presumably htpasswd 
generates crypted (and not MD5) passwords by default on your system.

(For future reference, recent versions of ckpasswd have -u and -p flags 
that make testing much easier.)


> [...] from my  News client it says bad_auth inside my news.notice file.

No other details in news.notice...hmm...does your password have a space 
in it, by any chance?


> Should I add the res: ident  information to the readers.conf stanzas?

Definitely not.  That should only be used by people who already have 
identd widely implemented on their networks -- if your users are 
connecting from unix machines that are centrally administered, you 
might fall in this category, but you'd want to talk to the people who 
manage your user database / remote authentication stuff to find out if 
identd is available to you.


-- 
Jeffrey M. Vinocur
jeff at litech.org

More information about the inn-workers mailing list