Caa4nnrpd

From M1Research

Revision as of 15:11, 7 January 2006 by Verem (Talk | contribs)

Complex Authentication and Authorization for nnrpd


Description

caa4nnrpd is a Perl program that provides authentication and authorization for the INN news reader daemon (nnrpd). Together, the two parts give flexible newsgroup access control: authentication is performed through PAM, and access control is performed through a preconfigured access list.

Features

  • Open Source
  • Easy integration
  • Authentication through PAM can be configured to authenticate against a domain controller or another password control system

Downloads

Installation

  • 1. Check that the INN version is 2.4.1 or higher
  • 2. Download the source tarball
  • 3. Check that the following modules are installed:
Data::Dump
Authen::PAM
If these modules are not installed, download them from CPAN
  • 4. Unpack the archive into /usr/local/caa4nnrpd/

Configuration

  • 1. Configure the INN reader config file (/etc/news/readers.conf):
auth "anonymous"
{
    default:            
}

auth "m1users" {
    hosts:              10.1.0.0/16
    perl_auth:          "/usr/local/caa4nnrpd/auth.pl"
    perl_access:        "/usr/local/caa4nnrpd/access.pl"
}

access "localhost" {
    users:      ""
    newsgroups: *.public
    access:     "R"
}
  • 2. Configure PAM in /etc/pam.d/caa4nnrpd (my example; users are authenticated against a domain controller, so make sure that krb5.conf is correct):
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth-krb5only
account    required     /lib/security/pam_stack.so service=system-auth-krb5only

  • 3. Check the config file (my example):


Troubleshooting

Use telnet to test whether caa4nnrpd works correctly. Sample tests:

  • 1. Anonymous access:
[verem@elbrus verem]$ telnet nntp 119
Trying 10.1.1.14...
Connected to nntp.internal.m1stereo.tv (10.1.1.14).
Escape character is '^]'.
201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
LIST
215 Newsgroups in form "group high low flags".
m1.public 0000000000 0000000001 y
m1.programs.missmusic.public 0000000000 0000000001 y
m1.programs.popua.public 0000000000 0000000001 y
m1.programs.ministry.public 0000000000 0000000001 y
m1.programs.horrorshow.public 0000000000 0000000001 y
m1.programs.guttenmourgen.public 0000000000 0000000001 y
m1.programs.showtoli.public 0000000000 0000000001 y
m1.programs.shake.public 0000000000 0000000001 y
m1.programs.tf.public 0000000000 0000000001 y
m1.production.www.public 0000000000 0000000001 y
m1.production.studio.public 0000000000 0000000001 y
m1.programs.m1news.public 0000000000 0000000001 y
m1.programs.m1cipe.public 0000000000 0000000001 y
m1.programs.m20.public 0000000000 0000000001 y
.
group m1.public
211 0 0 0 m1.public
post
440 Posting not allowed
  • 2. Failed authentication:
[verem@elbrus verem]$ telnet nntp 119
Trying 10.1.1.14...
Connected to nntp.internal.m1stereo.tv (10.1.1.14).
Escape character is '^]'.
201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
authinfo user puConnection closed by foreign host.
[verem@elbrus verem]$ authinfo user
[verem@elbrus verem]$ telnet nntp 119
Trying 10.1.1.14...
Connected to nntp.internal.m1stereo.tv (10.1.1.14).
Escape character is '^]'.
201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
authinfo user pupkin
381 PASS required
authinfo pass password
502 Access Denied
Connection closed by foreign host.
[verem@elbrus verem]$
  • 3. Successful authentication:
[verem@elbrus verem]$ telnet nntp 119
Trying 10.1.1.14...
Connected to nntp.internal.m1stereo.tv (10.1.1.14).
Escape character is '^]'.
201 bazbek.internal.m1stereo.tv InterNetNews NNRP server INN 2.4.1 ready (no posting).
authinfo user verem
381 PASS required
authinfo pass PASSWORD
281 Ok
list
215 Newsgroups in form "group high low flags".
m1.public 0000000000 0000000001 y
m1.public.flame 0000000007 0000000001 y
m1.public.humor 0000000000 0000000001 y
m1.public.music 0000000000 0000000001 y
m1.programs 0000000000 0000000001 y
m1.programs.missmusic.public 0000000000 0000000001 y
m1.programs.popua.public 0000000000 0000000001 y
m1.programs.ministry.public 0000000000 0000000001 y
m1.programs.horrorshow.public 0000000000 0000000001 y
m1.programs.guttenmourgen.public 0000000000 0000000001 y
m1.programs.showtoli.public 0000000000 0000000001 y
m1.programs.shake.public 0000000000 0000000001 y
m1.programs.tf.public 0000000000 0000000001 y
m1.production.nle 0000000000 0000000001 y
m1.production.www 0000000000 0000000001 y
m1.production.www.public 0000000000 0000000001 y
m1.production.studio 0000000000 0000000001 y
m1.production.studio.public 0000000000 0000000001 y
m1.programs.m1news.public 0000000000 0000000001 y
m1.programs.m1cipe.public 0000000000 0000000001 y
m1.programs.m20.public 0000000000 0000000001 y
m1.production.graphics 0000000000 0000000001 y
.
group m1.production.nle
211 0 0 0 m1.production.nle
post
340 Ok, recommended ID <crbrer$cvb$1@kazbek.m1stereo.tv>
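
The anonymous test above can be turned into a repeatable check on a saved telnet session. The following is an added example, not part of caa4nnrpd: it parses the LIST response and the status codes, then reports any group visible outside the *.public pattern from readers.conf and any accepted POST. The sample session, its host name and the function names are constructed for illustration, and Python's fnmatch stands in for INN's wildmat matching, which is equivalent for this one pattern.

```python
import fnmatch
import re

# Constructed sample: an anonymous session modeled on the telnet tests above,
# with one non-public group added to show what a leak looks like.
SAMPLE_ANON = """\
201 news.example.invalid InterNetNews NNRP server INN 2.4.1 ready (no posting).
LIST
215 Newsgroups in form "group high low flags".
m1.public 0000000000 0000000001 y
m1.programs.tf.public 0000000000 0000000001 y
m1.production.nle 0000000000 0000000001 y
.
post
440 Posting not allowed
"""

def parse_session(text):
    """Return (group names from the LIST body, status codes in order)."""
    groups, codes, in_list = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if in_list:
            if line == ".":            # a lone dot ends a multi-line response
                in_list = False
            elif line:
                groups.append(line.split()[0])
            continue
        m = re.match(r"(\d{3})(?: |$)", line)   # server status line
        if m:
            codes.append(int(m.group(1)))
            in_list = m.group(1) == "215"       # 215 starts the LIST body
    return groups, codes

def audit_anonymous(text, allowed="*.public"):
    """List findings for a session that never sent AUTHINFO."""
    groups, codes = parse_session(text)
    findings = [f"group visible outside {allowed}: {g}"
                for g in groups if not fnmatch.fnmatchcase(g, allowed)]
    if 340 in codes:                   # 340 = server is ready to accept a post
        findings.append("POST accepted without authentication")
    if 281 in codes:                   # 281 = AUTHINFO succeeded
        findings.append("session authenticated; not an anonymous test")
    return findings

if __name__ == "__main__":
    for finding in audit_anonymous(SAMPLE_ANON):
        print("FINDING:", finding)
```
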

Licence

    caa4nnrpd - Complex Authentification and Authorization for nnrdp
    fluent INN newsgroups access control system
                                                                                                                                               
    Copyright (C) 2005 Maksym Veremeyenko.
    Contributed by Maksym Veremeyenko, verem@m1stereo.tv, 2005.
                                                                                                                                               
    caa4nnrpd is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
                                                                                                                                               
    caa4nnrpd is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with caa4nnrpd; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA