Caa4nnrpd
From M1Research
Complex Authentication and Authorization for nnrpd
Description
caa4nnrpd is a Perl program that provides authentication and authorization for the INN news reader daemon (nnrpd). It gives flexible access control over newsgroups: authentication is performed through PAM, and access control is enforced through a preconfigured access list.
Features
- Open Source
- Easy integration
- Authentication through PAM can be configured to authenticate against a domain controller or another password control system
Downloads
- Version 0.90 (2005-01-03 17:00)
- 1. Download: caa4nnrpd-0.90.tar.bz2
- 2. Changelog:
- 1. A bit of code cleanup
Installation
- 1. Check that INN version is 2.4.1 or higher
- 2. Download source tarball
- 3. Check that the following modules are installed:
    Data::Dump
    Authen::PAM
If these modules are not installed, download them from CPAN.
- 4. Unpack archive into
/usr/local/caa4nnrpd/
Configuration
- 1. Configure INN reader config file (/etc/news/readers.conf):

    auth "anonymous" {
        default:
    }

    auth "m1users" {
        hosts: 10.1.0.0/16
        perl_auth: "/usr/local/caa4nnrpd/auth.pl"
        perl_access: "/usr/local/caa4nnrpd/access.pl"
    }

    access "localhost" {
        users: ""
        newsgroups: *.public
        access: "R"
    }

- 2. Configure PAM (my example; users are authenticated against a domain controller, so make sure that krb5.conf is correct). /etc/pam.d/caa4nnrpd:

    #%PAM-1.0
    auth       required     /lib/security/pam_stack.so service=system-auth-krb5only
    account    required     /lib/security/pam_stack.so service=system-auth-krb5only

- 3. Check config file (example of mine):
Troubleshooting
Use telnet to test whether caa4nnrpd works correctly. Sample tests:
- 1. Anonymous access:

    [verem@elbrus verem]$ telnet nntp 119
    Trying 10.1.1.14...
    Connected to nntp.internal.m1stereo.tv (10.1.1.14).
    Escape character is '^]'.
    201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
    LIST
    215 Newsgroups in form "group high low flags".
    m1.public 0000000000 0000000001 y
    m1.programs.missmusic.public 0000000000 0000000001 y
    m1.programs.popua.public 0000000000 0000000001 y
    m1.programs.ministry.public 0000000000 0000000001 y
    m1.programs.horrorshow.public 0000000000 0000000001 y
    m1.programs.guttenmourgen.public 0000000000 0000000001 y
    m1.programs.showtoli.public 0000000000 0000000001 y
    m1.programs.shake.public 0000000000 0000000001 y
    m1.programs.tf.public 0000000000 0000000001 y
    m1.production.www.public 0000000000 0000000001 y
    m1.production.studio.public 0000000000 0000000001 y
    m1.programs.m1news.public 0000000000 0000000001 y
    m1.programs.m1cipe.public 0000000000 0000000001 y
    m1.programs.m20.public 0000000000 0000000001 y
    .
    group m1.public
    211 0 0 0 m1.public
    post
    440 Posting not allowed

- 2. Failed authentication:

    [verem@elbrus verem]$ telnet nntp 119
    Trying 10.1.1.14...
    Connected to nntp.internal.m1stereo.tv (10.1.1.14).
    Escape character is '^]'.
    201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
    authinfo user puConnection closed by foreign host.
    [verem@elbrus verem]$ authinfo user
    [verem@elbrus verem]$ telnet nntp 119
    Trying 10.1.1.14...
    Connected to nntp.internal.m1stereo.tv (10.1.1.14).
    Escape character is '^]'.
    201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
    authinfo user pupkin
    381 PASS required
    authinfo pass password
    502 Access Denied
    Connection closed by foreign host.
    [verem@elbrus verem]$

- 3. Successful authentication:

    [verem@elbrus verem]$ telnet nntp 119
    Trying 10.1.1.14...
    Connected to nntp.internal.m1stereo.tv (10.1.1.14).
    Escape character is '^]'.
    201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
    authinfo user verem
    381 PASS required
    authinfo pass PASSWORD
    281 Ok
    list
    215 Newsgroups in form "group high low flags".
    m1.public 0000000000 0000000001 y
    m1.public.flame 0000000007 0000000001 y
    m1.public.humor 0000000000 0000000001 y
    m1.public.music 0000000000 0000000001 y
    m1.programs 0000000000 0000000001 y
    m1.programs.missmusic.public 0000000000 0000000001 y
    m1.programs.popua.public 0000000000 0000000001 y
    m1.programs.ministry.public 0000000000 0000000001 y
    m1.programs.horrorshow.public 0000000000 0000000001 y
    m1.programs.guttenmourgen.public 0000000000 0000000001 y
    m1.programs.showtoli.public 0000000000 0000000001 y
    m1.programs.shake.public 0000000000 0000000001 y
    m1.programs.tf.public 0000000000 0000000001 y
    m1.production.nle 0000000000 0000000001 y
    m1.production.www 0000000000 0000000001 y
    m1.production.www.public 0000000000 0000000001 y
    m1.production.studio 0000000000 0000000001 y
    m1.production.studio.public 0000000000 0000000001 y
    m1.programs.m1news.public 0000000000 0000000001 y
    m1.programs.m1cipe.public 0000000000 0000000001 y
    m1.programs.m20.public 0000000000 0000000001 y
    m1.production.graphics 0000000000 0000000001 y
    .
    group m1.production.nle
    211 0 0 0 m1.production.nle
    post
    340 Ok, recommended ID <crbrer$cvb$1@kazbek.m1stereo.tv>

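The anonymous test above can be turned into a repeatable check after each change to readers.conf or the access list. The Python script below is an added example, not part of caa4nnrpd: it parses a saved session transcript and reports any newsgroup an unauthenticated reader can see outside the *.public pattern, or a POST that is not refused with 440. The function names and the shortened sample transcript are constructed for illustration.

```python
import fnmatch

# Constructed transcript, shortened from the anonymous telnet test above:
# the client's commands interleaved with the server's replies.
ANON_SESSION = """\
201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
LIST
215 Newsgroups in form "group high low flags".
m1.public 0000000000 0000000001 y
m1.programs.tf.public 0000000000 0000000001 y
.
post
440 Posting not allowed
"""

def parse_session(text):
    """Split a transcript into (command, reply_code, data_lines) tuples."""
    lines = text.splitlines()[1:]          # drop the server greeting
    exchanges, i = [], 0
    while i + 1 < len(lines):
        command, code = lines[i], int(lines[i + 1][:3])
        i += 2
        data = []
        if code == 215:                    # multi-line reply, ends with "."
            while i < len(lines) and lines[i] != ".":
                data.append(lines[i])
                i += 1
            i += 1                         # skip the terminating "."
        exchanges.append((command, code, data))
    return exchanges

def audit_anonymous(text, allowed="*.public"):
    """Return policy violations found in an unauthenticated session.

    `allowed` mirrors the newsgroups: pattern of the access block; fnmatch
    stands in for INN's wildmat, which is an assumption that holds for a
    plain "*" pattern like this one.
    """
    problems = []
    for command, code, data in parse_session(text):
        verb = command.split()[0].upper()
        if verb == "LIST":
            for row in data:
                group = row.split()[0]
                if not fnmatch.fnmatchcase(group, allowed):
                    problems.append(f"anonymous can see {group}")
        elif verb == "POST" and code != 440:
            problems.append(f"anonymous POST answered {code}, expected 440")
    return problems

if __name__ == "__main__":
    print(audit_anonymous(ANON_SESSION) or "policy holds")
```
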
Licence
caa4nnrpd - Complex Authentification and Authorization for nnrdp
fluent INN newsgroups access control system

Copyright (C) 2005 Maksym Veremeyenko.
Contributed by Maksym Veremeyenko, verem@m1stereo.tv, 2005.

caa4nnrpd is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

caa4nnrpd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with caa4nnrpd; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA