[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] Security options?

Donald Roeber wrote:

> For awhile, I've been running a leafnode server that has been open to the
> world.

That is unwise, for the reasons that you outlined in your posting. There
is a reason why the leafnode README advises strongly that you should
always use tcpwrappers. I can see from the local logfiles that my
newsserver is regularly probed nowadays.

> I'd like to implement some username/password authentication method for
> leafnode; my news reader supports logins, but I can't find out if leafnode
> can.

The latest leafnode-2.0beta version supports the generic AUTHINFO command
but not the more sophisticated AUTHINFO SASL. Be aware that using the
generic AUTHINFO is quite insecure because the password will be transferred
in cleartext.


/* Cornelius Krasel, U Wuerzburg, Dept. of Pharmacology, Versbacher Str. 9 */
/* D-97078 Wuerzburg, Germany   email: krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx */
/* "Science is the game we play with God to find out what His rules are."  */

leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list