[EMAIL PROTECTED] wrote:
> 
> I have done what you specify in your answer below. The following is now my
> problem:
> 
> I cannot allow users from 127.0.0.1 in access.conf to read and write without
> authentication since sslwrap talks to DNEWS from this IP. This would allow
> anonymous access when going through sslwrap.
> 
> So, I put "127.0.0.1:read,post:$lookup$:$lookup$:*:" as my only access rule
> in access.conf. This prompts ssl users for password when connecting. All is
> well.
> 
> When using the DnewsWeb interface however, the users authenticate with the
> IIS on my server and after this are free to use DnewsWeb without
> authenticating once again against DNEWS, this providing a single login to
> the entire system. I guess that DnewsWeb talks to DNEWS in the same manner
> as sslwrap (from 127.0.0.1) because now I get prompted for username and
> password when accessing.
> 
> Can this be solved by configuring DnewsWeb to submit a username and
> password automatically? This user will exist only on the server and no one
> will notice being logged in as it (I do not use personalized features in
> dnewsweb).

I believe you can do this in dnewsweb.ini by adding the following
settings...

default_user webuser
tellnews_pass xxxxx

Where xxxxx is the contents of your tellnews.pass file from the DNews
workarea directory and webuser is the username you want DNewsweb to login
to DNews by default as.  Of course you'll need to define that user with a
line in users.dat.

webuser:password:None:*::

Let us know if you have any trouble getting this to work.

Regards,
Brian
--------------------------------------------------------------
Note: If you are using Dnewsweb version prior to 5.4f3 we recommend
you upgrade due to a potential security issue found in those versions.

Customer Support (private) -- [EMAIL PROTECTED]
Mailing list Support (public) -- [EMAIL PROTECTED]
Online Manual -- http://netwinsite.com/dnews/manual.htm
Netwinsite search engine -- http://www.netwinsite.com/find.htm
Online FAQ -- http://netwinsite.com/dnews/faq.htm
Mailing list archive --
http://www.netwinsite.com/cgi/dnewsweb.cgi?cmd=xover&group=netwin.dnews
ftp://ftp.netwinsite.com/pub/netwinsite

> 
> Best regards,
> Erik Alsmyr
> 
> > >3. The DNEWs server still answers on port 119. This allows users to login
> > >with the password unencrypted if they didn't follow the instructions to
> > >change their client to use SSL. Can I make DNEWS send a customized
> > >error message on port 119 before asking for password authentication? If not
> > >can I prevent DNEWS from answering on port 119?
> >
> > yes sort of, add to dnews.conf
> >          nntp_logoff  Please modify your client to use SSL
> > And in access.conf add:
> >          *:logoff:::*
> >          127.0.0.1:read,post:::*
> > I think that will do the trick, basically there is a fault in the ssl
> > wrapping in that the connections appear to come from the local host, and
> > you can exploit that to refuse connections that don't come from the local
> > host.  The down side is you really need to use user/passwords for access
> > control as ip addresses are not applied in access.conf correctly.
> >
> >    ChrisP.
