<HTML ><HEAD ><TITLE >Access control in NNTPd</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ "><LINK REL="HOME" TITLE="Usenet News HOWTO " HREF="index.html"><LINK REL="PREVIOUS" TITLE="Security issues" HREF="x758.html"><LINK REL="NEXT" TITLE="Components of a running system" HREF="component.html"></HEAD ><BODY CLASS="SECTION" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Usenet News HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="x758.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="component.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECTION" ><H1 CLASS="SECTION" ><A NAME="AEN818">8. Access control in NNTPd</H1 ><P >The original NNTPd had host-based authentication which allowed clients connecting from a particular IP address to read only certain newsgroups. This was very clearly inadequate for enterprise deployment on an Intranet, where each desktop computer has a different IP address, often DHCP-assigned, and the mapping between person and desktop is not static.</P ><P >What was needed was a user-based authentication, where a username and password could be used to authenticate the user. Even this was provided as an extension to NNTPd, but more was needed. The corporate IS manager needs to ensure that certain Usenet discussion groups remain visible only to certain people. This authorisation layer was not available in NNTPd. Once authenticated, all users could read all newsgroups.</P ><P >We have extended the user-based authentication facility in NNTPd in some (we hope!) useful ways, and we have added an entire authorisation layer which lets the administrator specify which newsgroups each user can read. With this infrastructure, we feel NNTPd is fit for enterprise deployment and can be used to handle corporate document repositories, messages, and discussion archives. Details are given below.</P ><DIV CLASS="SECTION" ><H2 CLASS="SECTION" ><A NAME="AEN823">8.1. Host-based access control</H2 ><P >TO BE ADDED LATER</P ></DIV ><DIV CLASS="SECTION" ><H2 CLASS="SECTION" ><A NAME="AEN826">8.2. User authentication and authorisation</H2 ><DIV CLASS="SECTION" ><H3 CLASS="SECTION" ><A NAME="AEN828">8.2.1. The NNTPd password file</H3 ><P >TO BE ADDED LATER</P ></DIV ><DIV CLASS="SECTION" ><H3 CLASS="SECTION" ><A NAME="AEN831">8.2.2. Mapping users to newsgroups</H3 ><P >TO BE ADDED LATER</P ></DIV ><DIV CLASS="SECTION" ><H3 CLASS="SECTION" ><A NAME="AEN834">8.2.3. The <TT CLASS="LITERAL" >X-Authenticated-Author</TT > article header</H3 ><P >TO BE ADDED LATER</P ></DIV ><DIV CLASS="SECTION" ><H3 CLASS="SECTION" ><A NAME="AEN838">8.2.4. Other article header additions</H3 ><P >TO BE ADDED LATER</P ></DIV ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="x758.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="component.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Security issues</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Components of a running system</TD ></TR ></TABLE ></DIV ></BODY ></HTML >