[leafnode-list] Re: authentication questions
Matthias Andree
matthias.andree at gmx.de
Thu Feb 5 17:44:34 CET 2009
Am 05.02.2009, 17:16 Uhr, schrieb clemens fischer
<ino-news at spotteswoode.dnsalias.org>:
> Matthias Andree wrote:
>
>> There's a main loop that reads the input and then handles the known
>> commands in individual functions. Then there's an authentication that
>> can be crypt() based or PAM based, but we don't do mandatory access
>> control for user -> newsgroups mapping yet, it's all-or-nothing.
>
> Does somebody know what NNTP status code (4xx or 5xx) would have to be
> returned to the client of an unauthenticated or unelligable user if he
> wanted to open some group or read an article? Are there different codes
> depending on state?
There's a reason why leafnode doesn't have such a feature yet...
RFC3977 doesn't appear to foresee special codes, so you'll pretend that
the group doesn't exist, i. e. "411 no such group".
Please keep in mind that such features are usually requested by concerned
parents who want to protect their offspring, so just showing, but not
giving, is second to fully hiding the group.
If you want to do it thoroughly and to avoid that groups spring into
existence through cross-posting and wreak havoc later on, when
restrictions are relaxed, there's more: You also need to hide
non-permitted groups from the lists (active/group lists) and suppressing
related information in overview and headers (Xref, Newsgroups, in
particular). It's much easier to do that in fetchnews with
only_groups_pcre (which is a long-winding name, I'll admit).
I'm willing to help here.
Please do not use different codes or strings in the NNTP dialogues,
although you can opt to log a different code or additional line to syslog
in addition to the string that goes over the wire. dogroup() is simple
enough and should be the only source of 411 codes.
> Maybe I should leave this to the admin. Afterall, he sets up the
> script.
Please don't do that, it'll wreak havoc. Newsreaders (NR) are often
sloppily coded and not very robust versus deviation from standards, as
only few newsservers exist, and most copy INN's behaviour whenever in
doubt, so that's what NRs expect.
Thanks for taking interest in this.
--
Matthias Andree
More information about the leafnode-list
mailing list