[leafnode-list] Re: authentication questions

clemens fischer ino-news at spotteswoode.dnsalias.org
Mon Feb 23 23:26:03 CET 2009


On Tue-2009/02/17-22:07 I wrote:

> group_auth {
>    {command_any, user_hi_priv, groups_hi_priv},
>    {command_any, user_low_priv, groups_low_priv}
> }

This feature I would consider finished now.  I tested it with my
newsreader (tin 1.9.4).  It doesn't let me do any spectacular things,
just listing groups by wildcards, subscribing, reading and all that.
Other testing was done using nc(1) (netconnect, simple telnet).  Users
not explicitely allowed to access some groups don't get to see them.

On the Lua side there's a sample implementation of this feature called
"script-groupauth.lua", which will eventually appear in the
distribution.

There may still be subtle corners of usage patterns and clients causing
unexpected behaviour, but they should be easy to find and fix.  All the
problems I encountered were misconfigurations, but script-groupauth.lua
contains support for interactive standalone debugging.  Not very much of
that, but it is possible to edit the configuration table, run the same
commands by it that leafnode(8) would issue and see the outcome of
applying the current rule set.


clemens




More information about the leafnode-list mailing list