Hi all,

I must admit I've not done much with user authentication other than the
basic readers.conf stuff, and then I'm not sure I fully understand that
but anyway...I digress.

I would like users on my bulletin board to be able to use my usenet
server, but logging in with their BBS username and password. These are
stored on a different server to the innd server.

I'm open to suggestions on how I can authenticate the BBS users. I have
a couple of options, when a new user registers and I verify them, I can
manually run a script to update the news server, but then I'd have to
remember to manually remove them if I delete the account.

The other is some sort of auth script that checks the users entered
username & password against the BBS database which can then provide a
yes/no as to whether they should be allowed in.

I'm sure I'm not the only one who needs to do with so thought I'd ask
rather than re-write the wheel.

Thanks,

--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23

Nigel Reed <sysop@endofthelinebbs.com> writes:

> The other is some sort of auth script that checks the users entered
> username & password against the BBS database which can then provide a
> yes/no as to whether they should be allowed in.

I would do this, but then I've written tons of scripts like this so it's
fairly easy for me. The protocol is documented in EXAMPLES in ckpasswd.
If you specify a program with the auth: key in the auth block of
readers.conf, it is run when the user authenticates and gets:

ClientAuthname: <username>
ClientPassword: <password>

on standard input. It should print:

User: <username>

and exit with status 0 on successful authentication, and print some error
message and exit with non-zero status

The program can then do whatever you want, such as reach out to your BBS
system to check the username and password.

--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>

Please post questions rather than mailing me directly.
<https://www.eyrie.org/~eagle/faqs/questions.html> explains why.

On Thu, 29 Sep 2022 18:10:20 -0700
Russ Allbery <eagle@eyrie.org> wrote:

> Nigel Reed <sysop@endofthelinebbs.com> writes:
>
> > The other is some sort of auth script that checks the users entered
> > username & password against the BBS database which can then provide
> > a yes/no as to whether they should be allowed in.
>
> I would do this, but then I've written tons of scripts like this so
> it's fairly easy for me. The protocol is documented in EXAMPLES in
> ckpasswd. If you specify a program with the auth: key in the auth
> block of readers.conf, it is run when the user authenticates and gets:
>
> ClientAuthname: <username>
> ClientPassword: <password>
>
> on standard input. It should print:
>
> User: <username>
>
> and exit with status 0 on successful authentication, and print some
> error message and exit with non-zero status
>
> The program can then do whatever you want, such as reach out to your
> BBS system to check the username and password.

Thank you. Sounds like every I need right there. I'll take a look at
the examples. I can write a program to listen to encrypted auth
requests on the BBS side easily enough so I think I'm good.

Thanks,

--
End Of The Line BBS - Plano, TX
telnet endofthelinebbs.com 23