Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!mcvax!unido!fauern!immd4.informatik.uni-erlangen.de!eckert
From: eckert@immd4.informatik.uni-erlangen.de (Toerless Eckert)
Newsgroups: news.software.nntp
Subject: Re: NNTP authentication
Message-ID: <241@medusa.informatik.uni-erlangen.de>
Date: 3 May 89 10:07:28 GMT
References: <13084@paris.ics.uci.edu>
Organization: IMMD IV, University of Erlangen, W-Germany
Lines: 35

In article <13084@paris.ics.uci.edu>, nagel@beaver.ics.uci.edu (Mark Nagel) writes:
...
> port?  Then, if a connection comes in from a non-trusted port, the
> server could just deny read access to *any* group that has such access
> restrictions.  However, if the connection comes in trusted, then the
> uid, etc. information transmitted would be known to be secure.
> Clearly, this could be broken by a user with a PC and root access, but
> for the intended purposes (local groups with uuid or gid based
> restrictions), it should suffice.  Has anyone ever done anything like
> this?  Any thoughts?

Changing nntp code to look for privileged ports is not that difficult.
I have changed my copy of the 1.5 nntp code to do these things, but not
for the reason to disallow anyone reading news, but only to prevent
forgery of articles. It was only necessary to change the nntp code to
achieve that. My nntp inews now has a root s-bit, and will verify the
contents of the "from:" and "sender:" header fields, before passing the
message on to the nntp server (and the nntp server only accepts "post"
or "ihave" from privileged ports, if that feature is enabled).

If you want a uid/gid based authentication, you will have to change
the news reader too, and if you want to administrate the whole from the
site of the nntp server, you will have to change the nntp protocol also.
There are too many different news readers by now, to change them all for
that (you name the best news reader ?).

If you do not change the nntp protocol, then you have to chance against
PC's.

If you really want to handle groups that restrictive, don't use nntp,
don't even use news, use notes or mailing lists. Handling news
restrictive contradicts the usenet etiquette.

Toerless Eckert (eckert@immd4.informatik.uni-erlangen.de)
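
Added example, not part of the original post and not the poster's modified nntp 1.5 code: one way to write the server-side check described above, where "post" and "ihave" are accepted only from a reserved source port when the feature is enabled. All function names and the RESERVED_PORT_LIMIT constant are hypothetical, and IPv6 handling goes beyond what the 1989 code would have needed. As the thread notes, the check is only as trustworthy as root on the connecting host.

```c
#include <string.h>
#include <strings.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Ports below this can only be bound by root on a BSD-style host
 * (assumed constant name; same value as the traditional IPPORT_RESERVED). */
#define RESERVED_PORT_LIMIT 1024

/* 1 if the peer's source port is reserved, else 0.
 * A missing address or unknown family is unprivileged (fail closed). */
int peer_port_is_reserved(const struct sockaddr *sa)
{
    unsigned port;
    if (sa == NULL)
        return 0;
    switch (sa->sa_family) {
    case AF_INET:
        port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
        break;
    case AF_INET6:
        port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
        break;
    default:
        return 0;
    }
    return port > 0 && port < RESERVED_PORT_LIMIT;
}

/* Policy: with require_reserved set, only peers on a reserved port may
 * submit articles (POST, IHAVE); reading commands are not restricted. */
int nntp_cmd_allowed(const char *cmd, const struct sockaddr *peer,
                     int require_reserved)
{
    int submits = strcasecmp(cmd, "POST") == 0 || strcasecmp(cmd, "IHAVE") == 0;
    if (!submits || !require_reserved)
        return 1;
    return peer_port_is_reserved(peer);
}

/* Apply the policy to a connected socket; a failed lookup counts as untrusted. */
int nntp_fd_cmd_allowed(int fd, const char *cmd, int require_reserved)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    int ok = getpeername(fd, (struct sockaddr *)&ss, &len) == 0;
    return nntp_cmd_allowed(cmd, ok ? (struct sockaddr *)&ss : NULL,
                            require_reserved);
}
```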