[leafnode-list] authentication methods for leafnode NNTP server

Hello all,

I was poking about in nntpd.c to see if I could add a getpwnam()-based 
authentication method since OpenBSD does not have PAM. I was hoping to be 
able to authenticate the user/pass combo given with AUTHINFO with the system's 
user list (/etc/master.passwd) rather than having to maintain a separate file 
for leafnode. (Password synchrony is nice.)

Problem is, getpwnam() only works if the process is running as root (uid 0), 
but leafnode drops privileges long before it gets to where it is accepting 
input across the socket.

So I was wondering - is it necessary for leafnode to drop privs right away? 
Or, for setups where authentication is required, could it wait to drop privs 
until after the connection has done AUTHINFO, allowing only a limited subset of 
commands (say HELP, AUTHINFO and QUIT) before then?

Cory C. Albrecht
In /dev/null, no one can hear your stream.
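
The gate the message proposes (only HELP, AUTHINFO and QUIT accepted before authentication, with the privilege drop deferred until AUTHINFO succeeds), as an added example that is not leafnode code and not part of the original post. `struct session`, `handle_line`, `demo_verify`, `last_status` and the credentials are assumptions made for illustration; the status codes follow RFC 3977 and RFC 4643.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Hypothetical names throughout; this is not leafnode's nntpd.c. */
struct session {
    int authed;                                        /* set once AUTHINFO PASS succeeds */
    char user[64];                                     /* name remembered from AUTHINFO USER */
    int (*verify)(const char *user, const char *pass); /* stand-in for the system password check */
};

/* Returns the NNTP status to send, or 0 = authenticated, dispatch the line normally. */
int handle_line(struct session *s, const char *line)
{
    char cmd[16] = "", sub[16] = "", arg[64] = "", extra[2] = "";
    int n = sscanf(line, "%15s %15s %63s %1s", cmd, sub, arg, extra);
    if (n < 1) return 500;                    /* empty line */
    if (!strcasecmp(cmd, "QUIT")) return 205;
    if (!strcasecmp(cmd, "HELP")) return 100;
    if (strcasecmp(cmd, "AUTHINFO") != 0) return s->authed ? 0 : 480; /* pre-auth gate */
    if (s->authed) return 502;                /* no second AUTHINFO after success */
    if (n != 3) return 501;                   /* missing, extra or over-long argument */
    if (!strcasecmp(sub, "USER")) {
        snprintf(s->user, sizeof s->user, "%s", arg);
        return 381;                           /* password required */
    }
    if (strcasecmp(sub, "PASS") != 0) return 501;
    if (s->user[0] == '\0') return 482;       /* PASS sent before USER */
    int ok = s->verify(s->user, arg);
    s->user[0] = '\0';                        /* a failed PASS needs a fresh USER */
    if (!ok) return 481;
    s->authed = 1;  /* the deferred privilege drop would go here, before any other command runs */
    return 281;
}

/* Constructed credentials, for the demonstration only. */
static int demo_verify(const char *u, const char *p)
{
    return strcmp(u, "alice") == 0 && strcmp(p, "s3cret") == 0;
}

/* Feed up to three lines to a fresh session and return the last status. */
int last_status(const char *l1, const char *l2, const char *l3)
{
    struct session s = { 0, "", demo_verify };
    const char *lines[3] = { l1, l2, l3 };
    int code = 0;
    for (int i = 0; i < 3 && lines[i]; i++) code = handle_line(&s, lines[i]);
    return code;
}
```

Everything reachable before `authed` is set runs with whatever privileges the process started with, which is why the pre-authentication parser here is limited to fixed-size buffers and three commands.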
