LDP/LDP/howto/docbook/Usenet-News-HOWTO/accesscontrol.sgml

<section><title>Access control in NNTPd</title>
<para>
The original NNTPd had host-based authentication which allowed clients
connecting from a particular IP address to read only certain newsgroups.
This was very clearly inadequate for enterprise deployment on an
Intranet, where each desktop computer has a different IP address, often
DHCP-assigned, and the mapping between person and desktop is not static.
</para>

<para>
What was needed was a user-based authentication, where a username and
password could be used to authenticate the user. Even this was provided
as an extension to NNTPd, but more was needed. The corporate IS manager
needs to ensure that certain Usenet discussion groups remain visible only
to certain people. This authorisation layer was not available in NNTPd.
Once authenticated, all users could read all newsgroups.
</para>

<para>
We have extended the user-based authentication facility in NNTPd in some
(we hope!) useful ways, and we have added an entire authorisation layer
which lets the administrator specify which newsgroups each user can
read. With this infrastructure, we feel NNTPd is fit for enterprise
deployment and can be used to handle corporate document repositories,
messages, and discussion archives. Details are given below.
</para>

<section><title>Host-based access control</title>
<para>TO BE ADDED LATER</para>
</section>

<section><title>User authentication and authorisation</title>

    <section><title>The NNTPd password file</title>
    <para>TO BE ADDED LATER</para>
    </section>

    <section><title>Mapping users to newsgroups</title>
    <para>TO BE ADDED LATER</para>
    </section>

    <section><title>The <literal>X-Authenticated-Author</literal> article header</title>
    <para>TO BE ADDED LATER</para>
    </section>

    <section><title>Other article header additions</title>
    <para>TO BE ADDED LATER</para>
    </section>

</section>
</section>