david@igcom.net,
This is an excerpt from the BSD man pages (nnrp.access) -
The second field is a set of letters specifying the per-
missions granted to the client. The perms should be cho-
sen from the following set:
R The client can retrieve articles
P The client can post articles
The third and fourth fields specify the username and pass-
word that the client must use to authenticate themselves
before the server will accept any articles.
--------------------------------------------------------------------------
Note that no
authentication (other then a matching entry in this file)
is required for newsreading.
--------------------------------------------------------------------------
If they are empty, then no
password is required. Whitespace in these fields will
result in the client being unable to properly authenticate
themselves and may be used to disable access.
The fifth field is a set of patterns identifying the news-
groups that the client is allowed to access. The patterns
are interpreted in the same manner as the newsfeeds(5)
file. The default, however, denies access to all groups.
The access file is normally used to provide host-level
access control for reading and posting articles. There
are times, however, when this is not sufficient and user-
level access control is needed. Whenever an NNTP
``authinfo'' command is used, the nnrpd server re-reads
this file and looks for a matching username and password.
If the local newsreaders are modified to send the
``authinfo'' command, then all host entries can have no
access and specific users can be granted the appropriate
read and post access.
> I can make a more detailed answer later, im in a hurry. Check your
> nnrp.access file.
>
> > david@igcom.net,
> > How can it disable reading? I have read through the man pages & see nothing
> > that lets it work the way I need it to. I can disable reading by disallowing
> > hosts/domains, but it will not let me enforce a login name/password for
> > reading. I am using the INN shipped with BSDI 2.1, is there an updated version
> > somewhere that allows this type of checking?? If I put a username/pass in
> > nnrp.access it still lets them read without entering a password.
> > Any help/suggestions would be appreciated.
> >
> > > > Sorry if this is a stupid question, but I am still very new to all this net
> > > > communication and UNIX stuff....Is there a way, using packet filters, to filter
> > > > out access to reading newsgroups? INN allows password protection for posting
> > > > but not reading. If I can't filter out packets I will have to change all my
> > > > users to UNIX logons and add news access individualy, instead of using the
> > > > domain with passwords and names....
> > >
> > > Well, besides the fact that INN *can* dissalow Reading as well as writing,
> > > yes you can create a packet filter to block out nntp,nnrp.
----======>>>>>>> May thy life be filled with MaGiC and WoNdEr!
Fare thee well...
- Jeremy T. Elston (Magius@ais.ais-gwd.com)
http://www.ais-gwd.com
^^^^^^^^^^^^^^^^^^^^^^
early work of mine - as ALWAYS, still
under construction!