[leafnode-list] Re: authentication questions
Matthias Andree
matthias.andree at gmx.de
Thu Feb 5 17:57:41 CET 2009
On 05.02.2009, 17:44, Matthias Andree <matthias.andree at gmx.de> wrote:
> On 05.02.2009, 17:16, clemens fischer
> <ino-news at spotteswoode.dnsalias.org> wrote:
>
>> Matthias Andree wrote:
>>
>>> There's a main loop that reads the input and then handles the known
>>> commands in individual functions. Then there's an authentication that
>>> can be crypt() based or PAM based, but we don't do mandatory access
>>> control for user -> newsgroups mapping yet, it's all-or-nothing.
>>
>> Does somebody know what NNTP status code (4xx or 5xx) would have to be
>> returned to the client of an unauthenticated or ineligible user if he
>> wanted to open some group or read an article? Are there different codes
>> depending on state?
>
> There's a reason why leafnode doesn't have such a feature yet...
>
> RFC3977 doesn't appear to foresee special codes, so you'll pretend that
> the group doesn't exist, i. e. "411 no such group".

Well, there are STARTTLS and authentication RFCs for NNTP v2 as well,
namely RFC 4642 (STARTTLS for NNTP) and 4643 (NNTP authentication) that
suggest other solutions - but I haven't reviewed these new RFCs yet and
don't know how I want leafnode changed to accommodate these.

While leafnode is not yet RFC3977 compliant (that's NNTP v2, which
obsoletes RFC0977 and RFC2980), new changes for leafnode-2 should keep
RFC3977 and 4642...4644 and the related USEFOR (USEFOR and USEPRO) drafts
in mind, as well as RFC5322 where RFC2822 is referenced (RFC5322 obsoletes
RFC2822).

For the drafts, go to
http://www.rfc-editor.org/cgi-bin/idsearch.pl and use the I-D (internet
draft) search for USEFOR.

For the RFCs, also use http://www.rfc-editor.org/

--
Matthias Andree
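
The reply-code choice discussed in this thread, as an added example that is not part of the original message and is not leafnode code: a per-group check that either hides a restricted group behind 411 or asks for authentication with 480, the code RFC 4643 uses for "authentication required". The group names, the single-user ACL, the policy enum and the function name are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: group names and the one-user ACL are hypothetical. */
struct group { const char *name; const char *allowed_user; /* NULL = open to all */ };

static const struct group groups[] = {
    { "local.general", NULL },
    { "local.staff",   "alice" },
};

/* HIDE_RESTRICTED: never reveal that a restricted group exists.
 * ANNOUNCE_AUTH:   tell unauthenticated clients to log in first. */
enum policy { HIDE_RESTRICTED, ANNOUNCE_AUTH };

/* Return the NNTP status code for "GROUP <name>".
 * user is NULL while the session is unauthenticated. */
int group_status(const char *name, const char *user, enum policy p)
{
    for (size_t i = 0; i < sizeof groups / sizeof groups[0]; i++) {
        if (strcmp(groups[i].name, name) != 0)
            continue;
        const char *owner = groups[i].allowed_user;
        if (owner == NULL || (user != NULL && strcmp(owner, user) == 0))
            return 211;   /* group selected (RFC 3977) */
        if (user == NULL && p == ANNOUNCE_AUTH)
            return 480;   /* authentication required (RFC 4643) */
        return 411;       /* same answer as for a group that does not exist */
    }
    return 411;           /* no such newsgroup (RFC 3977) */
}

int main(void)
{
    printf("anonymous, hide:     %d\n", group_status("local.staff", NULL, HIDE_RESTRICTED));
    printf("anonymous, announce: %d\n", group_status("local.staff", NULL, ANNOUNCE_AUTH));
    printf("alice:               %d\n", group_status("local.staff", "alice", ANNOUNCE_AUTH));
    return 0;
}
```

With ANNOUNCE_AUTH an unauthenticated client can tell a restricted group from a missing one by the 480 reply; HIDE_RESTRICTED gives both cases the same 411.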