Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!bywater!acheron!clarke
From: clarke@acheron.uucp (Ed Clarke/10240000)
Newsgroups: news.software.nntp
Subject: Authentication (AUTH) in 1.5.11
Message-ID: <1991Apr5.014115.26431@acheron.uucp>
Date: 5 Apr 91 01:41:15 GMT
Organization: Ciliophora Associates
Lines: 21

I've started to test AUTH under 1.5.11 on a small LAN with a few
hundred work stations running news.  The code works, sort of, but
really isn't satisfactory.  As delivered each news user must have
'nntp' as his/her default group.  A few simple patches fix this
problem and the lack of a userid check in the passfile. ( Inews
was just checking for the system, and not for the user who was
trying to post.  Anyone posting would come in as the first valid
user in the passfile ).  I have context diffs to send out to the
authors as soon as I can figure out who gets them ...

A bigger logical problem is the existence of that passfile.  This
file contains userid and cleartext passwords for multiple people.
Who administers this file?   I would prefer to use a non setuid
inews and grab the server/pass info from the users ".netrc".  It'd
be one less file for the poor system administrator to anguish over.
And one less setuid program - even if it's not setuid root.

-- 
Ed Clarke      |  Artificial insemination is when the farmer does it to
acheron!clarke |  the cow and not the bull.
               |                 - Richard Lederer (Anguished English)