sasl.conf - SASL Configuration file for nnrpd.

The file sasl.conf in pathetc specifies Simple Authentication and Security Layer (SASL), defined in RFC 2222, for nnrpd. Now nnrpd implements only Security Layer support, which is an extension of RFC 2595. This means you can get SSL or TLS encrypted NNRP between your server and newsreaders. It requires OpenSSL 0.9.3 or newer from http://www.openssl.org/; it has been tested with versions 0.9.4 and 0.9.5.

To use SSL, a certificate and private key are needed that you can create using the openssl binary. Make certain that each keys are owned by your news user, news group, and are mode 0640 or 0660.

   openssl req -new -x509 -nodes -out /usr/local/news/lib/cert.pem\
    -days 366 -keyout /usr/local/news/lib/cert.pem
   chown news:news /usr/local/news/lib/cert.pem
   chmod 640 /usr/local/news/lib/cert.pem

You also can make the keys as the root user with CWmake cert.

Comments begin with a number sign (CW#) and continue through the end of the line. Blank lines and comments are ignored. All other lines specify parameters, and should be of the form

    <option>: <value>

where <option> is the name of the configuration option being set and <value> is the value that the configuration option is being set to.

Blank lines and lines beginning with (CW#) are ignored. For boolean options, the values CWyes, CWon, CWt, and CW1 turn the option on; the values CWno, CWoff, CWf, and CW0 turn the option off.

tls_cert_file

The path to a file containing the server's certificate.

tls_key_file

The path to a file containing the server's private key.

tls_ca_path

The path to a directory containing the CA's certificate.

tls_ca_file

The path to a file containing the CA's certificate.

Implement methods of the authentication protocols of SASL.

Written by Kenichi OKADA <okada@opaopa.org> for InterNetNews.

inn.conf(5), innd(8), nnrpd(8), readers.conf(5)