[leafnode-list] Re: authentication questions

Matthias Andree matthias.andree at gmx.de
Thu Feb 5 17:44:34 CET 2009


On 05.02.2009, 17:16, clemens fischer
<ino-news at spotteswoode.dnsalias.org> wrote:

> Matthias Andree wrote:
>
>> There's a main loop that reads the input and then handles the known
>> commands in individual functions. Then there's an authentication that
>> can be crypt() based or PAM based, but we don't do mandatory access
>> control for user -> newsgroups mapping yet, it's all-or-nothing.
>
> Does somebody know what NNTP status code (4xx or 5xx) would have to be
> returned to the client of an unauthenticated or ineligible user if he
> wanted to open some group or read an article?  Are there different codes
> depending on state?

There's a reason why leafnode doesn't have such a feature yet...

RFC3977 doesn't appear to foresee special codes, so you'll pretend that
the group doesn't exist, i.e. "411 no such group".

Please keep in mind that such features are usually requested by concerned  
parents who want to protect their offspring, so just showing, but not  
giving, is second to fully hiding the group.

If you want to do it thoroughly and to avoid that groups spring into
existence through cross-posting and wreak havoc later on, when
restrictions are relaxed, there's more: You also need to hide
non-permitted groups from the lists (active/group lists) and suppress
related information in overview and headers (Xref, Newsgroups, in
particular). It's much easier to do that in fetchnews with
only_groups_pcre (which is a long-winded name, I'll admit).

I'm willing to help here.

Please do not use different codes or strings in the NNTP dialogues,  
although you can opt to log a different code or additional line to syslog  
in addition to the string that goes over the wire. dogroup() is simple  
enough and should be the only source of 411 codes.

> Maybe I should leave this to the admin.  After all, he sets up the
> script.

Please don't do that, it'll wreak havoc. Newsreaders (NR) are often  
sloppily coded and not very robust versus deviation from standards, as  
only few newsservers exist, and most copy INN's behaviour whenever in  
doubt, so that's what NRs expect.

Thanks for taking interest in this.

-- 
Matthias Andree
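
Added example, not part of the original message and not leafnode's code: a C sketch of the behaviour recommended above, where a non-permitted group gets the same "411 no such group" wire reply as a missing one, the distinguishing reason goes only to the log, and non-permitted names are dropped from a Newsgroups header value. The group lists and the functions group_reply() and filter_newsgroups() are hypothetical; Xref filtering would follow the same pattern.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data: hypothetical active list and per-user allow list. */
static const char *const active_groups[]  = { "comp.lang.c", "alt.test", "rec.humor", NULL };
static const char *const allowed_groups[] = { "comp.lang.c", "alt.test", NULL };

static int in_list(const char *const *list, const char *name, size_t len) {
    for (; *list; list++)
        if (strlen(*list) == len && strncmp(*list, name, len) == 0) return 1;
    return 0;
}

/* Build the GROUP reply. The wire text is identical for "missing" and
 * "denied"; only log_reason (for syslog, never sent to the client) differs. */
int group_reply(const char *group, char *wire, size_t wlen, const char **log_reason) {
    size_t n = strlen(group);
    int exists = in_list(active_groups, group, n);
    if (exists && in_list(allowed_groups, group, n)) {
        *log_reason = "ok";
        snprintf(wire, wlen, "211 0 0 0 %s", group); /* article counts are placeholders */
        return 211;
    }
    *log_reason = exists ? "denied by policy" : "not in active";
    snprintf(wire, wlen, "411 no such group");
    return 411;
}

/* Copy a comma-separated Newsgroups value into out, keeping only permitted
 * names so cross-posts do not reveal hidden groups. Returns the number kept.
 * Assumes olen > 0. */
int filter_newsgroups(const char *value, char *out, size_t olen) {
    int kept = 0;
    out[0] = '\0';
    while (*value) {
        size_t n = strcspn(value, ",");
        if (in_list(allowed_groups, value, n) && strlen(out) + n + 2 <= olen) {
            if (kept++) strcat(out, ",");
            strncat(out, value, n);
        }
        value += n;
        if (*value == ',') value++;
    }
    return kept;
}
```
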


