(SASL Configuration file for nnrpd.)


The file sasl.conf in pathetc specifies Simple Authentication and Security Layer (SASL), defined in RFC 2222, for nnrpd. Now nnrpd implements only Security Layer support, which is an extension of RFC 2595. This means you can get SSL or TLS encrypted NNRP between your server and newsreaders. It requires OpenSSL 0.9.3 or newer from; it has been tested with versions 0.9.4 and 0.9.5.


To use SSL, a certificate and private key are needed that you can create using the openssl binary. Make certain that each keys are owned by your news user, news group, and are mode 0640 or 0660.


   openssl req -new -x509 -nodes -out /usr/local/news/lib/cert.pem\
    -days 366 -keyout /usr/local/news/lib/cert.pem
   chown news:news /usr/local/news/lib/cert.pem
   chmod 640 /usr/local/news/lib/cert.pem

You also can make the keys as the root user with make cert.


Comments begin with a number sign (#) and continue through the end of the line. Blank lines and comments are ignored. All other lines specify parameters, and should be of the form

    <option>: <value>

where <option> is the name of the configuration option being set and <value> is the value that the configuration option is being set to.

Blank lines and lines beginning with (#) are ignored. For boolean options, the values yes, on, t, and 1 turn the option on; the values no, off, f, and 0 turn the option off.


The path to a file containing the server's certificate.


The path to a file containing the server's private key.


The path to a directory containing the CA's certificate.


The path to a file containing the CA's certificate.


Implement methods of the authentication protocols of SASL.


Written by Kenichi OKADA <> for InterNetNews.


inn.conf(5), innd(8), nnrpd(8), readers.conf(5)

Last modified and spun 2022-12-12