[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] setting users?



Jeff wrote:

> was wonder if there was a way to set this up so only certain users can use
> leafnode, say like a user name and password.

Not yet. I am planning to implement this. One question is where to store
the passwords. It is impossible for the nntpd to retrieve passwords from
/etc/shadow because it is not a privileged process, and I would be quite
reluctant to give up this additional level of security. The choice would
probably therefore be to have a separate password file owned (and readable)
by user "news".

> Is there a log file that show who has connected to leafnode and from where?

If you use tcp-wrapper (as you should) you can tweak them to log as much
information as possible by putting the following stuff into /etc/hosts.deny

leafnode: ALL EXCEPT LOCAL

and into /etc/hosts.allow

leafnode: ipnumber.of.your.machine

This will deny access to leafnode to everybody coming from outside
provided that leafnode is started from the /etc/inetd.conf with

nntp    stream  tcp     nowait  news    /usr/sbin/tcpd  /path/to/leafnode

If the last entry in the /path/to/leafnode is, for example, in.nntpd
instead, you have to change the "leafnode" in /etc/hosts.deny and
/etc/hosts.allow accordingly.

For further documentation of tcp wrappers, I refer to their man pages:
hosts_access(5) and hosts_options(5). There should also be programs
called tcpdchk (which checks the configuration of your tcp wrappers)
and tcpdmatch (which checks how a specific request would be handled)
which also have manpages.

--Cornelius.

-- 
/* Cornelius Krasel, U Wuerzburg, Dept. of Pharmacology, Versbacher Str. 9 */
/* D-97078 Wuerzburg, Germany   email: phak004@xxxxxxxxxxxxxxxxxxxxxx  SP4 */
/* "Science is the game we play with God to find out what His rules are."  */

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list