[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[leafnode-list] Re: authentication questions

To: "clemens fischer" <ino-news@xxxxxxxxxxxxxxxxxxxxxxxxx>, leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: [leafnode-list] Re: authentication questions
From: "Matthias Andree" <matthias.andree@xxxxxx>
Date: Thu, 05 Feb 2009 17:44:34 +0100
Delivery-date: Thu, 05 Feb 2009 17:44:41 +0100
List-id: Leafnode NNTP Server - Support and Technical discussions <leafnode-list.dt.e-technik.uni-dortmund.de>
Organization:
Sender: leafnode-list-bounces+list01=leafnode.de@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
User-agent: Opera Mail/9.63 (Win32)

Am 05.02.2009, 17:16 Uhr, schrieb clemens fischer  
<ino-news@xxxxxxxxxxxxxxxxxxxxxxxxx>:

> Matthias Andree wrote:
>
>> There's a main loop that reads the input and then handles the known
>> commands in individual functions. Then there's an authentication that
>> can be crypt() based or PAM based, but we don't do mandatory access
>> control for user -> newsgroups mapping yet, it's all-or-nothing.
>
> Does somebody know what NNTP status code (4xx or 5xx) would have to be
> returned to the client of an unauthenticated or unelligable user if he
> wanted to open some group or read an article?  Are there different codes
> depending on state?

There's a reason why leafnode doesn't have such a feature yet...

RFC3977 doesn't appear to foresee special codes, so you'll pretend that  
the group doesn't exist, i. e. "411 no such group".

Please keep in mind that such features are usually requested by concerned  
parents who want to protect their offspring, so just showing, but not  
giving, is second to fully hiding the group.

If you want to do it thoroughly and to avoid that groups spring into  
existence through cross-posting and wreak havoc later on, when  
restrictions are relaxed, there's more: You also need to hide  
non-permitted groups from the lists (active/group lists) and suppressing  
related information in overview and headers (Xref, Newsgroups, in  
particular). It's much easier to do that in fetchnews with  
only_groups_pcre (which is a long-winding name, I'll admit).

I'm willing to help here.

Please do not use different codes or strings in the NNTP dialogues,  
although you can opt to log a different code or additional line to syslog  
in addition to the string that goes over the wire. dogroup() is simple  
enough and should be the only source of 411 codes.

> Maybe I should leave this to the admin.  Afterall, he sets up the
> script.

Please don't do that, it'll wreak havoc. Newsreaders (NR) are often  
sloppily coded and not very robust versus deviation from standards, as  
only few newsservers exist, and most copy INN's behaviour whenever in  
doubt, so that's what NRs expect.

Thanks for taking interest in this.

-- 
Matthias Andree
-- 
_______________________________________________
leafnode-list mailing list
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
https://www.dt.e-technik.uni-dortmund.de/mailman/listinfo/leafnode-list
http://leafnode.sourceforge.net/

Follow-Ups:
- [leafnode-list] Re: authentication questions
  - From: Matthias Andree
- [leafnode-list] Re: authentication questions
  - From: clemens fischer

References:
- [leafnode-list] authentication questions
  - From: Eric S. Johansson
- [leafnode-list] Re: authentication questions
  - From: Matthias Andree
- [leafnode-list] Re: authentication questions
  - From: Eric S. Johansson
- [leafnode-list] Re: authentication questions
  - From: Matthias Andree
- [leafnode-list] Re: authentication questions
  - From: clemens fischer
- [leafnode-list] Re: authentication questions
  - From: Matthias Andree
- [leafnode-list] Re: authentication questions
  - From: clemens fischer

Prev by Date: [leafnode-list] Re: authentication questions
Next by Date: [leafnode-list] Re: authentication questions
Previous by thread: [leafnode-list] Re: authentication questions
Next by thread: [leafnode-list] Re: authentication questions
Index(es):
- Date
- Thread