1 This directory contains sample authorization programs for use with the
2 'authinfo generic' command in nnrpd.
4 The first program in here is from Doug Needham I have successfully
5 tested this program when connecting to nnrpd by hand, but I've not
6 taken the time to figure out how to get my newsreader to use
7 'authinfo generic'. There is no Makefile here and no serious
8 testing of it, so it's not integrated. If you have success using
9 it and care to share what you've done. Please drop me a note
10 (<inn@isc.org>). Thanks.
13 ---------------------------------------------------------------------------
15 Replied: Fri, 26 Jul 1996 19:29:17 +0200
16 Replied: Douglas Wade Needham <dneedham@dneedham.inhouse.compuserve.com>
17 Received: by gw.home.vix.com id UAA05867; Thu, 25 Jul 1996 20:45:27 -0700 (PDT)
18 Received: (from dneedham@localhost) by dneedham.inhouse.compuserve.com (8.7.4/8.6.9) id XAA21103; Thu, 25 Jul 1996 23:45:25 -0400 (EDT)
19 From: Douglas Wade Needham <dneedham@dneedham.inhouse.compuserve.com>
20 Message-Id: <199607260345.XAA21103@dneedham.inhouse.compuserve.com>
21 Subject: A sample program for authinfo generic (for inn 1.5)
22 To: inn-workers@vix.com (INN Gurus/Workers)
23 Date: Thu, 25 Jul 1996 23:45:25 -0400 (EDT)
24 Cc: inn@isc.org, brister@vix.com (James A. Brister)
25 X-Mailer: ELM [version 2.4 PL25]
27 Content-Type: multipart/mixed; boundary=%#%record%#%
31 Content-Type: text/plain; charset=US-ASCII
32 Content-Transfer-Encoding: 7bit
37 Finally started to get some time to clear some things from my todo list...Here
38 is a sample program which can be used by "authinfo generic" to validate a user
39 against the password file on the news host. While not a great example, it does
40 demonstrate how you can write an authentication program. All I ask is that
43 A couple of notes that I have found out about these programs for those of you
44 who may be interested in writing your own...
46 1) These programs have stdin and stdout connected all the way back to the
47 reader, so they can carry on a dialog in whatever fashion they want to
48 with the user's news reader. This can include passing Kerberos tickets,
49 encrypted or hashed passwords, or doing a challenge-response type session
50 for authenticating the user rather than passing the password in clear-text
53 2) Regardless of the outcome, the authentication program must send NNRPD a
54 record such as is found in nnrp.access by writing it to stderr.
56 3) Successful authentication is indicated by a zero exit status, and
57 unsuccessful authentication is indicated by a non-zero exit status.
59 4) Need I say it (again)...these programs can be a security hole unless care is
60 taken to avoid SUID programs and those that transmit/recieve passwords in
61 the clear (especially those that use login passwords). We should give some
62 thought to doing a similiar program for Kerberos authentication (what sort
63 of instance should we use???) and other authentication methods such as
64 Compuserve's Distributed Authentication (guess I should do this one once the
65 standard is finialized with the IETF 8) ).
67 Also, a question for the list as a whole... what readers easily support
68 authinfo generic (including running a program at the reader's end to do things
69 like challenge-response)???
71 Well...here it is...enjoy 8)...
75 #### See auth_pass.c #####