newscache-1.2-0.11.rc6.fc12.x86_64.rpm

		       NewsCache - PAM - A Short Guide
		       ===============================

							Author: Herbert Straub
						 e-mail: herbert.straub@aon.at
							      Date: 2004-02-01

o) PAM - Pluggable Authentication Modules
-----------------------------------------

The System Administrators' Guide, The Module Writers' Guide and The Application
Developers' Manual can be downloaded from:
http://www.kernel.org/pub/linux/libs/pam/pre/doc/

The Linux-PAM page can be found under:
http://www.kernel.org/pub/linux/libs/pam/

NewsCache is a registered PAM application:
http://www.kernel.org/pub/linux/libs/pam/modules.html



o) Configuration Options
------------------------

To use PAM with NewsCache, you have to use one of the following configuration
options:

--with-pam 
  enables the PAM code in NewsCache. NewsCache uses "newscache" as the PAM
  service name.

--with-pam=pam-service-name-string
  with the optional argument, the PAM service name can be specified.



o) PAM Service Name
-------------------

The system administrator configures PAM per PAM service name (read the
System Administrator's Guide section 4.1 Configuration file syntax). The PAM
service name is determined in the following way:

1) If no specific configuration option is specified, the actual program name
is used.
2) If --with-pam=foo is specified, this parameter is used.
3) If newscache.conf AccessList -> Client -> PAMServicename is specified,
this name is used for clients that match the Client criteria.



o) Simple example configuration
-------------------------------

Allow only authenticated users! The configuration option --with-pam is used.

Part of /etc/newscache.conf:

AccessList {
        Client stdin {
                allow authentication
                List !*
                Read !*
                PostTo !*
                Authentication pam:*:*:*:read,post
        }
}

The /etc/pam.d/newscache contains:
auth       required     pam_unix.so
account    required     pam_permit.so



o) Using two PAM configurations - RADIUS
----------------------------------------

The configuration option --with-pam is used.
What you need: http://www.freeradius.org/pam_radius_auth/

Part of /etc/newscache.conf:

AccessList {
        Client net1.mynet.at {
                allow
                List
                Read
                PostTo
                Authentication pam:*:*:*:read,post
                PAMServicename newscache_net1
        }

        Client net2.mynet.at {
                allow
                List
                Read
                PostTo
                Authentication pam:*:*:*:read,post
                PAMServicename newscache_net2
        }
}

/etc/pam.d/newscache_net1 contains:
auth       required     pam_unix.so
account    required     pam_permit.so

/etc/pam.d/newscache_net2 contains:
auth	   required	pam_radius_auth.so conf=/etc/pam_radius2_auth.conf
account    required     pam_permit.so


Clients with net1.mynet.at addresses are authenticated against RADIUS
server I. Clients from net2.mynet.at are authenticated against RADIUS
server II. For information about pam_radius_auth see:
http://www.freeradius.org/pam_radius_auth/
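
The service name lookup from the "PAM Service Name" section, applied to the
two-client setup above, as an added example (not part of the original guide or
of NewsCache): it reports which PAM auth modules each pam-authenticated Client
ends up using. The names pam_clients, auth_modules and audit are hypothetical,
the sample data is constructed from the excerpts in this guide, and it assumes
that a per-client PAMServicename overrides the build-time service name.

```python
import re

# Constructed sample input, modelled on the newscache.conf excerpts in this guide.
NEWSCACHE_CONF = """
AccessList {
        Client net1.mynet.at {
                Authentication pam:*:*:*:read,post
                PAMServicename newscache_net1
        }
        Client net2.mynet.at {
                Authentication pam:*:*:*:read,post
                PAMServicename newscache_net2
        }
        Client stdin {
                allow authentication
                Authentication pam:*:*:*:read,post
        }
}
"""
PAM_D = {  # constructed stand-in for the files under /etc/pam.d/
    "newscache_net1": "auth required pam_unix.so\naccount required pam_permit.so\n",
    "newscache_net2": "auth required pam_radius_auth.so conf=/etc/pam_radius2_auth.conf\n",
}

def pam_clients(conf):
    """Map each Client that uses 'Authentication pam:' to its PAMServicename (or None)."""
    clients = {}
    for name, body in re.findall(r"Client\s+(\S+)\s*\{(.*?)\}", conf, re.S):
        if re.search(r"^\s*Authentication\s+pam:", body, re.M):
            svc = re.search(r"^\s*PAMServicename\s+(\S+)", body, re.M)
            clients[name] = svc.group(1) if svc else None
    return clients

def auth_modules(pam_text):
    """Return the module names on the 'auth' lines of a PAM service file."""
    return [f[2] for f in (line.split() for line in pam_text.splitlines())
            if len(f) >= 3 and f[0] == "auth"]

def audit(conf, pam_d, build_default="newscache"):
    """Per client: (resolved service name, auth modules or None if the file is missing)."""
    report = {}
    for client, svc in pam_clients(conf).items():
        service = svc or build_default  # assumption: per-client name wins
        text = pam_d.get(service)
        report[client] = (service, auth_modules(text) if text is not None else None)
    return report

if __name__ == "__main__":
    print(*audit(NEWSCACHE_CONF, PAM_D).items(), sep="\n")
```

With the PAM files as listed in this guide, net1.mynet.at resolves to
pam_unix.so and only net2.mynet.at resolves to pam_radius_auth.so.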