[leafnode-list] authentication methods for leafnode NNTP server
I was poking about in nntpd.c to see if I could add a getpwnam()-based
authentication method since OpenBSD does not have PAM. I was hoping to be
able to authenticate the user/pass combo given with AUTHINFO with the system's
user list (/etc/master.passwd) rather than having to maintain a separate file
for leafnode. (Password synchrony is nice.)
Problem is, getpwnam() only works if the process is running as root (uid 0),
but leafnode drops privileges long before it gets to where it is accepting
input across the socket.
So I was wondering - is it necessary for leafnode to drop privs right away?
Or, for setups where authentication is required, could it wait to drop privs
until after the connection has done AUTHINFO, allowing only a limited subset of
commands (say HELP, AUTHINFO and QUIT) before then?
Cory C. Albrecht
In /dev/null, no one can hear your stream.