Send inn-workers mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."


Today's Topics:

   1. Excluding Cancel-Lock for certain users (Julien ?LIE)


----------------------------------------------------------------------

Message: 1
Date: Fri, 25 Feb 2022 21:45:09 +0100
From: Julien ?LIE <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Excluding Cancel-Lock for certain users
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed

Hi all,

As an identity is always assigned by readers.conf, all posts are 
considered to be sent by a known posting-account (the one appearing in 
Injection-Info).
Yet, it causes a problem with Cancel-Lock because some identities may be 
shared between several persons.  Which means that any user with that 
identity can cancel any other post from another user with the same identity.

I'm wondering whether a parameter should not be added for access blocks 
in readers.conf so as to prevent the generation of user Cancel-Lock and 
Cancel-Key for them (of course, the admin Cancel-Lock is always generated).

Example of use:

access "all" {
     users: "<all>"
     newsgroups: "*"
     canlock: false
}

# Same thing for "<localhost>" or similar common access blocks.



If not set, "canlock" defaults to true (meaning user Cancel-Lock and 
Cancel-Key are generated).


This proposal follows a discussion I've just had in a French newsgroup, 
where someone (St?phane) pointed out a problem with the usual Perl code 
used to generate Cancel-Lock and Cancel-Key in filter_nnrpd.pl on 
servers without any authentication needed.
I believe this should be taken into account in the native Cancel-Lock 
implementation in nnrpd, and I would suggest that "canlock" parameter.


If you have any better idea, do not hesitate to tell.

-- 
Julien ?LIE

??La grippe, ?a dure huit jours si on la soigne et une semaine si on ne
   fait rien.?? (Raymond Devos)


------------------------------

Subject: Digest Footer

_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers


------------------------------

End of inn-workers Digest, Vol 138, Issue 1
*******************************************

Reply via email to