Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: INN2 user authentication against system users (Kevin Shell)
2. Re: INN2 user authentication against system users (Russ Allbery)
----------------------------------------------------------------------
Message: 1
Date: Sun, 14 Feb 2021 20:42:51 +0800
From: Kevin Shell <[email protected]>
To: [email protected]
Subject: Re: INN2 user authentication against system users
Message-ID: <[email protected]>
Content-Type: text/plain; charset=iso-8859-1
On Fri, Feb 12, 2021 at 07:50:47PM +0100, Julien ?LIE wrote:
> Hi Kevin,
> > > Wouldn't "ckpasswd -s" be what you are looking for?
> > >
> > I have to change ckpasswd to setgid shadow,
> > and i works on GNU/Linux, don't konow if it works for other OSes.
it :-)
>
> Did you try Russ' suggestion of '"ckpasswd" without the "-s" option?
> It would permit to remove the setgid bit you set.
>
Yes.
I follow Russ' suggestion and the ckpasswd man page to
add nnrpd PAM entry for ckpasswd, just plain ckpasswd command
without arguments and without setgid shadow not work on Debian Linux.
> See the EXAMPLES section in
> https://www.eyrie.org/~eagle/software/inn/docs/ckpasswd.html to see how PAM
> can be configured.
>
>
> > > Which part of the EXAMPLES section at the end of the man page would you
> > > like to emphasize more?
> > > https://www.eyrie.org/~eagle/software/inn/docs/readers.conf.html
> >
> > I think just plain User/Password authentication over nntps should be easy.
> > :-)
>
> Oh, I also see that the readers.conf example file shipped with INN does not
> contain any example of ckpasswd use...
>
> So, I suggest to:
> - improve the basic readers.conf example file to add an example of
> "ckpasswd" (PAM) and "ckpasswd -f" (file) uses;
> - change the examples in the readers.conf man page to use "ckpasswd" instead
> of "ckpasswd -s" (and just say in a sentence the difference);
> - change the examples in the readers.conf man page to use "ckpasswd -f"
> instead of "ckpasswd -d" (using a plain file is far more easier);
I use "doveadm pw" to create the strong password hash,
I think "ckpasswd -f" is fast and safe.
besides, the "-d" option doesn't mention
how to create the key/value password databse,
and INN2 doesn't provide a tool to create such *dbm password database.
> - add a "QUICK START" section near the beginning of the readers.conf man
> page to just document these two most frequent uses.
>
> Do you see any other way to improve that documentation?
I agree to add such section to readers.conf,
and in ckpasswd man page refers to it too.
>
--
kevin
------------------------------
Message: 2
Date: Sun, 14 Feb 2021 09:26:40 -0800
From: Russ Allbery <[email protected]>
To: [email protected]
Subject: Re: INN2 user authentication against system users
Message-ID: <[email protected]>
Content-Type: text/plain
Kevin Shell <[email protected]> writes:
> Yes.
> I follow Russ' suggestion and the ckpasswd man page to
> add nnrpd PAM entry for ckpasswd, just plain ckpasswd command
> without arguments and without setgid shadow not work on Debian Linux.
Okay, something weird is going on because this definitely should work on
Debian Linux. There may be problems on some more exotic platforms, but on
Debian you don't even need a PAM configuration file.
What sort of output did you get when it didn't work? Did you get any
error messages? You should have gotten some syslog messages from PAM at
the very least.
--
Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.
------------------------------
Subject: Digest Footer
_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers
------------------------------
End of inn-workers Digest, Vol 128, Issue 4
*******************************************
