The file sasl.conf in pathetc specifies Simple Authentication
and Security Layer (SASL), defined in RFC 2222, for nnrpd.
Now nnrpd implements only Security Layer support, which is an extension
of RFC 2595. This means you can get SSL or TLS encrypted NNRP between
your server and newsreaders. It requires OpenSSL 0.9.3 or newer
http://www.openssl.org/; it has been tested with versions 0.9.4 and 0.9.5.
INSTALLATION
To use SSL, a certificate and private key are needed that you can
create using the openssl binary.
Make certain that each keys are owned by your news user, news group,
and are mode 0640 or 0660.
You also can make the keys by the root user as follows.
make cert
CONFIGURATION
Comments begin with a number sign (#) and continue through the
end of the line. Blank lines and comments are ignored.
All other lines specify parameters, and should be of the following form:
Each line of the sasl.conf in pathetc has the form
<option>: <value>
where <option> is the name of the configuration option being set and
<value> is the value that the configuration option is being set to.
Blank lines and lines beginning with (#) are ignored.
For boolean options, the values yes, on, t,
and 1 turn the option on, the values no, off,
f, and 0 turn the option off.
tls_cert_file
The path to a file containing the server's certificate.
tls_key_file
The path to a file containing the server's private key.
tls_ca_path
The path to a directory containing the CA's certificate.
tls_ca_file
The path to a file containing the CA's certificate.
TO DO
Implement methods of the authentication protocols of SASL.
