Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: nnrp conf (Russ Allbery)
----------------------------------------------------------------------
Message: 1
Date: Tue, 02 Dec 2014 22:19:05 -0800
From: Russ Allbery <[email protected]>
To: [email protected]
Subject: Re: nnrp conf
Message-ID: <[email protected]>
Content-Type: text/plain
Edwardo Garcia <[email protected]> writes:
> before I put back server on, is possible to have multi auth refer to one
> access? or require matching pair?
Yes.
The idea behind readers.conf is that the auth blocks assign an identity to
the user, and then the access blocks map identities to permissions. So,
if you have multiple auth blocks that map different incoming connections
to the same identity, they'll all have exactly the the same access.
If you want to have all rules come in pairs, so that one auth block always
maps uniquely to one access block, there are two ways to do it. The
easiest is to always use the default: key in the auth block to assign a
unique identity that shows up only in that auth block, and then have all
your access blocks assign permissions based on those unique identities,
matching only one such identity in each block.
(You can also use key:, but that's a bit more complicated.)
> example:
> auth "localhost" {
> hosts: "localhost, 127.0.0.1, ::1, stdin, 200.x.x.x.x/24"
> default: "<localhost>"
> }
> access "localhost" {
> users: "<localhost>"
> newsgroups: "*"
> access: RPA
> }
This access block matches only that auth block.
> auth name1 {
> hosts: " foo/16, bah/19, somefoo/19"
> default: "<parent>" <--------------------------------
> }
> auth name2 {
> hosts: "x.x.x/17, x.x.x.x/16, ..."
> default: "<parent>" <--------------------------------
> }
> access subsids {
> users: "<parent>" <-----------------
> newsgroups: "*"
> }
This access block goes with any auth block that assigns an identity of
<parent>. So it gives the same access to connections that match either of
those auth blocks.
> is this right? each subsiduary busines we let access to, has many many
> IP range, I see 8k limit per host line still, and we keep this clean in
> case company sell off one company we just delete block, hope have syntax
> right and wont be open server again?
That should not open the news server to the world. I think you've got the
right configuration for what you're trying to do.
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
------------------------------
_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers
End of inn-workers Digest, Vol 67, Issue 3
******************************************
