Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!purdue!ames!elroy!ucla-cs!uci-ics!nagel@beaver.ics.uci.edu
From: nagel@beaver.ics.uci.edu (Mark Nagel)
Newsgroups: news.software.nntp
Subject: NNTP authentication
Message-ID: <13084@paris.ics.uci.edu>
Date: 1 May 89 22:48:27 GMT
Sender: news@paris.ics.uci.edu
Reply-To: nagel@beaver.ics.uci.edu (Mark Nagel)
Organization: University of California, Irvine - Dept of ICS
Lines: 19

This has been brought up before, but some people here have recently
re-asked the question, "Why can't we make certain groups readable only
by certain people?" again. Currently, NNTP has no built-in
authentication system other than host authentication. How difficult
would it be to modify things such that any potential client must run a
local program that connects to the remote NNTP server over a trusted
port? Then, if a connection comes in from a non-trusted port, the
server could just deny read access to *any* group that has such access
restrictions. However, if the connection comes in trusted, then the
uid, etc. information transmitted would be known to be secure. Clearly,
this could be broken by a user with a PC and root access, but for the
intended purposes (local groups with uuid or gid based restrictions),
it should suffice.

Has anyone ever done anything like this? Any thoughts?

Mark Nagel @ UC Irvine, Department of Information and Computer Science
                          +----------------------------------------+
ARPA: nagel@ics.uci.edu   | If you improve something long enough   |
UUCP: ucbvax!ucivax!nagel | eventually you will throw it away.     |
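
The server-side decision the post proposes, as an added example that is not part of the original post: a claimed uid/gid is honoured only when the connection comes from a trusted host and a trusted source port. Reading "trusted port" as the BSD reserved range below 1024 is an assumption, and the host names, group names and ids are constructed.

```c
#include <stdio.h>
#include <string.h>

#define RESERVED_PORT_LIMIT 1024 /* assumption: BSD reserved ports, bindable only by root */
#define NO_ID (-1)

/* Constructed ACL: hypothetical restricted groups and the uid/gid allowed to read them. */
struct group_acl { const char *group; int uid; int gid; };
static const struct group_acl acl[] = {
    { "local.staff",   NO_ID, 50    },  /* gid 50 only */
    { "local.private", 1001,  NO_ID },  /* uid 1001 only */
};

/* Constructed list of hosts whose local relay program is trusted to report ids. */
static const char *trusted_hosts[] = { "hosta.example.edu", "hostb.example.edu" };

static int host_is_trusted(const char *host) {
    for (size_t i = 0; i < sizeof trusted_hosts / sizeof *trusted_hosts; i++)
        if (strcmp(host, trusted_hosts[i]) == 0) return 1;
    return 0;
}

/* The transmitted uid/gid is believed only for trusted host + reserved source port.
 * The port alone is not enough: root on any machine can bind a reserved port. */
static int identity_is_trusted(const char *host, unsigned src_port) {
    return src_port > 0 && src_port < RESERVED_PORT_LIMIT && host_is_trusted(host);
}

/* Returns 1 if the peer may read `group`, 0 otherwise. */
int may_read(const char *host, unsigned src_port, int uid, int gid, const char *group) {
    for (size_t i = 0; i < sizeof acl / sizeof *acl; i++) {
        if (strcmp(group, acl[i].group) != 0) continue;
        if (!identity_is_trusted(host, src_port)) return 0; /* deny every restricted group */
        if (acl[i].uid != NO_ID && acl[i].uid == uid) return 1;
        if (acl[i].gid != NO_ID && acl[i].gid == gid) return 1;
        return 0;
    }
    return 1; /* unrestricted group: ordinary host authentication applies */
}

int main(void) {
    printf("trusted host, port 1023: %d\n",
           may_read("hosta.example.edu", 1023, 1001, 10, "local.private"));
    printf("trusted host, port 1024: %d\n",
           may_read("hosta.example.edu", 1024, 1001, 10, "local.private"));
    printf("unlisted host, port 600: %d\n",
           may_read("pc.example.edu", 600, 1001, 50, "local.staff"));
    return 0;
}
```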