[leafnode-list] authentication methods for leafnode NNTP server
Cory C. Albrecht
cory+leafnode at fenris.cjb.net
Wed Aug 18 19:56:50 CEST 2004
Hello all,
I was poking about in nntpd.c to see if I could add a getpwnam()-based
authentication method since OpenBSD does not have PAM. I was hoping to be
able to authenticate the user/pass combo given with AUTHINFO with the system's
user list (/etc/master.passwd) rather than having to maintain a separate file
for leafnode. (Password synchrony is nice.)
Problem is, getpwnam() only works if the process is running as root (uid 0),
but leafnode drops privileges long before it gets to where it is accepting
input across the socket.
So I was wondering - is it necessary for leafnode to drop privs right away?
Or, for setups where authentication is required, could it wait to drop privs
until after the connection has done AUTHINFO, allowing only a limited subset of
commands (say HELP, AUTHINFO and QUIT) before then?
--
Cory C. Albrecht
http://cory.doesntexist.com/
In /dev/null, no one can hear your stream.
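
A sketch of the pre-authentication command gate the message proposes, added here as an example and not taken from leafnode's nntpd.c. It opens the full command set only once the client has authenticated and root has been given up, and fails closed otherwise. The names `conn_state`, `gate_command` and the verdict values are hypothetical, and the input line is assumed to be NUL-terminated.

```c
#include <ctype.h>
#include <string.h>

#define MAX_CMD_LINE 512 /* NNTP command line limit, CRLF included */

/* Hypothetical per-connection state; not leafnode's own structure. */
struct conn_state {
    int authenticated; /* AUTHINFO has succeeded */
    int privileged;    /* process has not dropped root yet */
};

enum verdict { V_ALLOW, V_DENY_AUTH_REQUIRED, V_DENY_MALFORMED };

/* The limited subset named in the message above. */
static const char *const preauth_cmds[] = { "HELP", "AUTHINFO", "QUIT" };

/* Case-insensitive match of the len-byte token against keyword kw. */
static int keyword_eq(const char *tok, size_t len, const char *kw)
{
    size_t i;

    if (strlen(kw) != len)
        return 0;
    for (i = 0; i < len; i++)
        if (toupper((unsigned char)tok[i]) != kw[i])
            return 0;
    return 1;
}

/* Decide whether a received line may be dispatched to a command handler.
 * The full command set opens up only when the client has authenticated
 * AND root has been given up; any other combination fails closed. */
enum verdict gate_command(const struct conn_state *st, const char *line)
{
    size_t len, i;

    if (st == NULL || line == NULL || strlen(line) > MAX_CMD_LINE)
        return V_DENY_MALFORMED;
    len = strcspn(line, " \t\r\n"); /* first token is the command keyword */
    if (len == 0)
        return V_DENY_MALFORMED;
    if (st->authenticated && !st->privileged)
        return V_ALLOW;
    for (i = 0; i < sizeof preauth_cmds / sizeof preauth_cmds[0]; i++)
        if (keyword_eq(line, len, preauth_cmds[i]))
            return V_ALLOW;
    return V_DENY_AUTH_REQUIRED;
}
```

Keeping the allowlist this short matters because every handler reachable before the drop runs as root on unauthenticated network input.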