Version 1.5.9 of NNTP contains Brian Kantor's authorization scheme described in the proposed NNTP Version 2 specification. This proposal is not published at this time. Here is how it works: Three files are involved on the server: the nntp access file, the system group file and the system password file. The semantics of the nntp access file have changed a little. read access DOES NOT imply xfer capability. For a site to have both, a new token "both" has been added. If any of the tokens (READ,XFER,BOTH,POST) are capitalized and AUTH was defined in common/conf.h, then authentication will be required. The client program will send "authinfo user USERID" and then "authinfo pass PASSWORD" which will be checked in two ways. First, the userid and password will be validated against the entry in /etc/passwd. Next, that user will be checked to insure that s/he is part of the "nntp" group. If both conditions are satisfied, the authentication is complete. The user entry in /etc/passwd should have some sort of innocuous program (say /bin/sync) as the shell, in case the password becomes compromised. Currently, only nntpxmit and inews have the AUTH routines in them. On each client machine on which authentication will be required, a authenication file will need to be created. This location of this file is specified in common/conf.h as PASSFILE. The format of this file is "nntp_server userid password" in plain text. Therefore, you should protect this file with 600, have it owned by "usenet" or "news" and setuid inews to that user. Note that this file is required for each CLIENT, but not on the SERVER. Obviously, this is not a complete solution, but this software if provided as a first step towards solving the problem of poster/reader authentication. Expansions of this process in line with the NNTP version 2 spec are welcome. Kerberos or equivalent is really the way to go for this sort of thing. We'd welcome code from someone who implements the version 2 spec using such a scheme. Comments about the spec should be sent to brian@ucsd.edu. Code should be sent to nntp@tmc.edu. Enjoy, BRIAN KANTOR & STAN BARBER brian@ucsd.edu nntp@tmc.edu $Revision: 1.3 $ $Date: 90/09/01 22:07:16 $