Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: private newsgroups & collabra server? (Miles Fidelman)
2. Re: private newsgroups & collabra server? (Thomas Hochstein)
----------------------------------------------------------------------
Message: 1
Date: Sat, 9 Apr 2016 08:50:48 -0400
From: Miles Fidelman <[email protected]>
To: [email protected]
Subject: Re: private newsgroups & collabra server?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=windows-1252; format=flowed
On 4/9/16 7:50 AM, Thomas Hochstein wrote:
> Miles Fidelman wrote:
>
>> A follow-up question though - I know that INN (and NNTP) have some
>> authentication capabilities - but what I'm still trying to figure out is
>> whether these are local only, or whether there are any global
>> authentication capabilities for newsgroup access (e.g., encryption
>> of messages under a shared key, or distributed access control using
>> Kerberos).
> INN supports external programs for authentication, see
> <https://www.eyrie.org/~eagle/software/inn/docs-2.6/external-auth.html>.
> Examples shipped with INN include:
<snip>
>
> You can modify one of them to suit your needs or roll your own.
>
> It is quite possible to set INN up, using Kerberos or a SQL database
> for authentication, with user accounts managed using a GUI or a web
> app (you'd most probably have to create yourself); and you could manage
> creation, modification or deletion of local newsgroups by a GUI tool
> or a web app, too. It shouldn't be too hard to whip something up in
> that way.

Ok - but these only get you as far as authenticating a user to
individual servers.

Perhaps I wasn't as clear as I could have been about what I'm asking.
So let me elaborate: I'm trying to provide global access control to a
specific, private, newsgroup, across all servers that subscribe - using
some kind of global mechanism.

Obviously, only distributing to servers that require authentication is a
start, coupled with Kerberos or RADIUS to manage access rights across
all users and servers.

That leads to a follow-up question: At what granularity can INN apply
authentication-based access control - to the server, or to the
individual newsgroup?

But, what I'm really thinking is something more like encrypting
individual messages under a newsgroup-specific key, and using Kerberos,
or something like it, to make that key available to authenticated users
- allowing fine-grained access control on a per-user x per-newsgroup
basis. Is there anything in the message formats, NNTP protocol
extensions, and INN (or other server) to support this kind of access
control?

Thanks Again,
Miles
--
Miles Fidelman, Principal
Protocol Technologies Group, LLC
617-538-9249 - [email protected]
------------------------------
Message: 2
Date: Sat, 09 Apr 2016 18:12:19 +0200
From: Thomas Hochstein <[email protected]>
To: [email protected]
Subject: Re: private newsgroups & collabra server?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
Miles Fidelman wrote:

> Ok - but these only get you as far as authenticating a user to
> individual servers.

Or multiple servers under your control, yes.
I thought that was what Netscape Collabra did.

> That leads to a follow-up question: At what granularity can INN apply
> authentication-based access control - to the server, or to the
> individual newsgroup?

To the individual newsgroup with different permissions (read, post,
...).
------------------------------
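A readers.conf sketch of the per-newsgroup read/post granularity described in the reply above. This is an added illustration, not configuration posted in the thread or shipped with INN. The group names, user names and password-file path are constructed placeholders; ckpasswd is one of the authenticators distributed with INN.

```conf
# readers.conf fragment (constructed example).
# Hierarchy local.* is public to all authenticated users;
# local.private.* is restricted per user.

# Every client must authenticate. There is no res: or default: line,
# so a connection has no identity until AUTHINFO succeeds.
auth "everyone" {
    hosts: "*"
    auth: "ckpasswd -f /path/to/newsusers"
}

# nnrpd applies the LAST access group whose users: pattern matches,
# so the general rule comes first and the specific rules follow.

# Any authenticated user: read and post everywhere except the
# private hierarchy.
access "general" {
    users: "*"
    read: "local.*,!local.private.*"
    post: "local.*,!local.private.*"
}

# alice and bob may read the private groups but not post to them.
access "private-readonly" {
    users: "alice,bob"
    read: "local.*"
    post: "local.*,!local.private.*"
}

# carol may both read and post in the private groups.
# newsgroups: sets the read and post patterns together.
access "private-full" {
    users: "carol"
    newsgroups: "local.*"
}
```

These rules are evaluated by each server's own nnrpd, so they control reader access on that server only; every peer that carries the group needs equivalent rules.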
End of inn-workers Digest, Vol 83, Issue 6
******************************************