Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!bbn!bbn.com!rsalz
From: rsalz@bbn.com (Rich Salz)
Newsgroups: news.software.nntp
Subject: Re: NNTP authentication
Message-ID: <1709@fig.bbn.com>
Date: 2 May 89 14:53:21 GMT
References: <13084@paris.ics.uci.edu>
Organization: BBN Systems and Technologies Corporation
Lines: 22

In <13084@paris.ics.uci.edu> nagel@beaver.ics.uci.edu (Mark Nagel) writes:
> How difficult
>would it be to modify things such that any potential client must run a
>local program that connects to the remote NNTP server over a trusted
>port?

As you point out, this could be broken by anyone with a PC and/or root
access. Note that there are NNTP clients for several systems -- Symbolics,
PC, VMS, Twenex -- that have absolutely no concept of the BSD "trusted port"
invention.

The other problem with this is that it requires your server to know the
UID's of all readers, and that doesn't always make sense. And given the
heterogeneity, you can't use things like the Unix UID/GID anyhow.

I think one easy way to do this is to add an "SGROUP" command which is
like the GROUP command but takes a password.

A longer range solution might be, sigh, Kerberos.
	/r$
--
Please send comp.sources.unix-related mail to rsalz@uunet.uu.net.