private newsgroups & collabra server?
Miles Fidelman
mfidelman at protocoltechnologiesgroup.com
Sat Apr 9 12:50:48 UTC 2016
On 4/9/16 7:50 AM, Thomas Hochstein wrote:
> Miles Fidelman schrieb:
>
>> A follow-up question though - I know that INN (and NNTP) have some
>> authentication capabilities - but what I'm still trying to figure out is
>> whether these are local only, or whether there are any global
>> authentication capabilities for newsgroup access (e.g., encryption
>> of messages under a shared key, or distributed access control using
>> Kerberos).
> INN supports external programs for authentification, see
> <https://www.eyrie.org/~eagle/software/inn/docs-2.6/external-auth.html>.
> Examples shipped with INN include:
<snip>
>
> You can modify one of them to suit your needs or roll your own.
>
> It is quite possible to set INN up, using Kerberos or a SQL database
> for authentification, with user accounts managed using a GUI or a web
> app (you'd most probably had to create yourself); and you could manage
> creation, modification or deletion of local newsgroups by a GUI tool
> or a web app, too. It shouldn't be too hard to whip something up in
> that way.
Ok - but these only get you as far as authenticating a user to
individual servers.
Perhaps I wasn't as clear as I could have been about what I'm asking.
So let me elaborate: I'm trying to provide global access control to a
specific, private, newsgroup, across all servers that subscribe - using
some kind of global mechanism.
Obviously, only distributing to servers that require authentication is a
start, coupled with kerberos or radius to manage access rights across
all users and servers.
That leads to a follow-up question: At what granularity can INN apply
authentication-based access control - to the server, or to the
individual newsgroup?
But, what I'm really thinking is something more like encrypting
individual messages under a newsgroup-specific key, and using kerberos,
or something like it, to make that key available to authenticated users
- allowing fine-grained access control on a per-user x per-newsgroup
basis. Is there anything in the message formats, nntp protocol
extensions, and INN (or other server) to support this kind of access
control?
Thanks Again,
Miles
--
Miles Fidelman, Principal
Protocol Technologies Group, LLC
617-538-9249 - mfidelman at protocoltechnologiesgroup.com
More information about the inn-workers
mailing list