< ckpasswd | Russ Allbery > Software > INN > INN CURRENT Documentation | ident > |
(nnrpd domain resolver)
domain domain-name
This program can be used in readers.conf to grant access based on the
subdomain part of the remote hostname. In particular, it only returns
success if the remote hostname ends in domain-name. (A leading dot on
domain-name is optional; even without it, the argument must match on
dot-separated boundaries). The username
returned is whatever initial
part of the remote hostname remains after domain-name is removed. It
is an error if there is no initial part (that is, if the remote hostname
is exactly the specified domain-name).
The following readers.conf(5) fragment grants access to hosts with internal domain names:
auth internal { res: "domain .internal" default-domain: "example.com" } access internal { users: "*@example.com" newsgroups: example.* }
Access is granted to the example.* groups for all connections from hosts
that resolve to hostnames ending in .internal
; a connection from
foo.internal
would match access groups as foo@example.com
identity.
It seems the code does not confirm that the matching part is actually at
the end of the remote hostname (e.g., domain: example.com
would match
the remote host foo.example.com.org
by ignoring the trailing .org
part).
Does this resolver actually provide any useful functionality not available by using wildcards in the readers.conf(5) hosts parameter? If so, the example above should reflect this functionality.
This documentation was written by Jeffrey M. Vinocur <jeff@litech.org>.
nnrpd(8), readers.conf(5)
< ckpasswd | Russ Allbery > Software > INN > INN CURRENT Documentation | ident > |