Linux Network Administrator Manual (18) Chapter 18 NNTP Description

zhaozj2021-02-11  203


2000-07-31 15:38

Publisher: NetBull  Readings: 1004  Translation: Zhao Wei GoHigh@shtdu.edu.cn

Chapter 18 NNTP Description

Because it uses a different network transport, NNTP provides a very different approach to news exchange. NNTP stands for "Network News Transfer Protocol"; it is not a specific software package but an Internet standard. [1] It is based on a stream connection, typically over TCP, between a client somewhere in the network and a server host that keeps network news on disk. The stream connection lets the client and the server negotiate article transfer with almost no delay, which keeps the number of duplicate articles very low. Together with the high transfer rates of the Internet, this yields news transport that surpasses the original UUCP networks. A few years ago it was common for an article to take two weeks or longer to reach the last corner of Usenet; now it often takes two days, and on the Internet itself only a few minutes.

Various commands allow a client to retrieve, send and post articles. The difference between sending and posting is that the latter may involve articles with incomplete header information. [2] Article retrieval can be used by news transfer clients as well as by newsreaders. This makes NNTP an excellent tool for giving many clients on a local network access to news without the contortions that NFS requires.

NNTP also provides an active and a passive way of transferring news, referred to as "pushing" and "pulling". Pushing is basically the same as the ihave/sendme protocol of C News. The client offers an article to the server with the "IHAVE" command, and the server returns a response code indicating whether it already has the article or wants it. If the server wants the article, the client sends it, terminated by a single dot on a line by itself.

Pushing news has the disadvantage that it places a heavy load on the server system, because the server must search its history database for each article.

The opposite technique is pulling news. Here the client requests a list of all articles in a group that have arrived after a specified date. This query is performed with the NEWNEWS command. From the returned list, the client picks out the articles it does not yet have and then uses the ARTICLE command for each of them.

The problem with pulling news is that it requires strict control by the server over which groups and which information a client may request. For example, the server must make sure that no confidential material from newsgroups local to the site is sent to unauthorized clients.

There are also a number of convenience commands for newsreaders that let them retrieve the article header and the article body, or even individual lines from a range of articles. This lets you keep all news on a central host and have all users on the (presumably local) network use NNTP-based client programs for reading and posting. This is an alternative to exporting the news directories over NFS, which is discussed in Chapter 17.

One overall problem with NNTP is that it allows a knowledgeable person to insert articles into the news stream. This is called news faking. [3] An extension to NNTP makes it possible to require user authentication for particular commands.

There are many NNTP software packages. The best known is the NNTP daemon, also known as the reference implementation. It was originally written by Stan Barber and Phil Lapsley to demonstrate the details of RFC 977. The current version is nntpd-1.5.11, which is discussed below. You can either get the sources and compile them yourself, or use the nntpd from Fred van Kempen's package. No ready-to-run nntpd binary is provided, because many site-specific values have to be compiled in.

The nntpd package consists of one server, two clients (one for pulling and one for pushing news) and an inews replacement. They were originally written for a B News environment but, oddly enough, they also run well under C News. However, if you plan to use NNTP for more than giving newsreaders access to your news server, the reference implementation is not a practical choice. We will therefore discuss only the NNTP daemon in the nntpd package and leave out the client programs.

There is also a package called "InterNet News", or INN for short, written by Rich Salz. It provides news transport over both NNTP and UUCP and is better suited to large news hubs. For news transport over NNTP it is definitely better than nntpd. The current version of INN is INN-1.4sec. A small kit prepared by Arjan de Vet is available for building INN on a Linux machine; you can get it from the system/Mail directory of sunsite.unc.edu. If you want to set up INN, refer to the documentation that comes with the sources, as well as the INN FAQ posted regularly to news.software.b.

18.2 Installing the NNTP Server

The NNTP server is called nntpd. It can be compiled in two ways, depending on the expected load on the news system. There is no ready-made binary, because some site-specific defaults are hard-coded into the executable. All configuration is done through macro definitions in common/conf.h.

nntpd can be configured either as a standalone server that is started from rc.inet2 at system boot, or as a daemon managed by inetd. In the latter case, you must have the following entry in /etc/inetd.conf:

nntp stream tcp nowait news /usr/etc/in.nntpd nntpd

If you configure nntpd as a standalone server, make sure that any such line in inetd.conf is commented out. In either case, the following line must be present in /etc/services:

nntp 119/tcp readnews untp # Network News Transfer Protocol

To store incoming articles temporarily, nntpd also needs a .tmp directory in your news spool directory. Create it with the following commands:

# mkdir /var/spool/news/.tmp
# chown news.news /var/spool/news/.tmp

18.3 Limiting access to NNTP

Access to NNTP resources is controlled by the nntp_access file in /usr/lib/news. Each line in this file describes the access rights granted to a foreign host. The format of each line is as follows:

site read|xfer|both|no post|no [!exceptgroups]

When a client connects to the NNTP port, nntpd does a reverse lookup on the client's IP address to obtain the fully qualified domain name of the client host. The client's hostname and IP address are then checked against the site field of each entry, in the order in which the entries appear in the file. A match may be partial or exact. If an entry matches exactly, it is used; if it matches partially, it applies only when no better-matching entry follows. site can be specified in one of the following ways:

Hostname: A fully qualified domain name. If it matches the client's canonical hostname exactly, this entry is used and the other entries are ignored.

IP address: The client's IP address is checked against this value.

Domain name: A domain name specified as *.domain. If the client's hostname matches this domain name, the entry matches.

Network name: The name of a network as specified in /etc/networks. If the network number of the client's IP address matches the network number associated with the network name, the entry matches.

Default: default matches any client.

Entries with a more general site specification should come first, because any match on them is overridden by a later, more exact match.

The second and third fields describe the access rights granted to the client. The second field gives the permission to retrieve news by pulling (read) and to transmit news by pushing (xfer). A value of both enables both, and no denies both. The third field grants the client the right to post articles, that is, to deliver articles with incomplete header information that the news software then completes. If the second field contains the value no, the third field is ignored.

The fourth field is optional and contains a comma-separated list of groups the client is denied access to.

A sample nntp_access file is shown below:

#
# by default, anyone may transfer news, but not read or post
default xfer no
#
# public.vbrew.com offers public access via modem, we allow
# them to read and post to any but the local.* groups
public.vbrew.com read post !local
#
# all other hosts at the brewery may read and post
*.vbrew.com read post

18.4 NNTP Authorization

When the access tokens in the nntp_access file are written with capital letters, nntpd requires authorization from the client for the respective operations. For example, when a permission of Xfer or XFER is specified, nntpd lets the client transfer articles to your site only if it passes authorization.

The authorization procedure is carried out with a new NNTP command called AUTHINFO. With this command, the client sends a username and a password to the NNTP server. nntpd verifies them against the contents of the /etc/passwd database and checks that the user belongs to the nntp group.

The current implementation of NNTP authorization is only experimental, so it is not very portable. As a result, it works only with plain-style password databases; shadow passwords are not recognized.
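The entry matching of section 18.3 and the capitalization rule of section 18.4, as an added Python example (not nntpd's own code) that parses an nntp_access file, resolves the entry that applies to a client, and lists every right granted without authorization. The function names, the tie-breaking between equally specific matches, treating a capitalized post token like a capitalized second field, and the client addresses used to try it out are assumptions of this example; network-name sites are not handled.

```python
# Added example, not nntpd code; SAMPLE is constructed from the chapter's sample file.
# Network-name sites (/etc/networks) are not handled.
ACCESS = ("read", "xfer", "both", "no")
SAMPLE = """\
default          xfer  no
public.vbrew.com read  post  !local
*.vbrew.com      read  post
"""

def parse(text):
    """Parse entries; a token containing capitals means authorization is required."""
    entries = []
    # Strip comments, split into fields, skip blank lines.
    for f in filter(None, (ln.split("#", 1)[0].split() for ln in text.splitlines())):
        if len(f) < 3 or f[1].lower() not in ACCESS or f[2].lower() not in ("post", "no"):
            raise ValueError(f"malformed entry: {' '.join(f)}")
        access, post = f[1].lower(), f[2].lower()
        entries.append({
            "site": f[0].lower(),
            "read": access in ("read", "both"),
            "xfer": access in ("xfer", "both"),
            "post": access != "no" and post == "post",  # third field ignored if second is "no"
            "access_auth": f[1] != access,  # e.g. Xfer or XFER
            "post_auth": f[2] != post,      # assumed to work like the second field
            "denied": f[3][1:].split(",") if len(f) > 3 and f[3].startswith("!") else [],
        })
    return entries

def score(site, host, ip):
    """0 = no match, larger = more specific; ranking domains by length is an assumption."""
    if site.startswith("*.") and host.endswith(site[1:]):
        return 100 + len(site)
    return 10_000 if site in (host, ip) else int(site == "default")

def resolve(entries, host, ip):
    """Exact match applies at once; a later, more specific match replaces an earlier one."""
    best, best_score = None, 0
    for e in entries:
        s = score(e["site"], host.lower(), ip)
        if s >= 10_000:
            return e
        if s and s >= best_score:  # ties: the later entry wins (assumption)
            best, best_score = e, s
    return best

def unauthenticated_grants(entries):
    """(site, right) pairs a client obtains without passing AUTHINFO."""
    return [(e["site"], r) for e in entries for r in ("read", "xfer", "post")
            if e[r] and not e["post_auth" if r == "post" else "access_auth"]]
```

Running unauthenticated_grants over a site's real file gives a quick review list: every pair it returns is a right that needs no AUTHINFO, and writing the token with capitals removes it from the list.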

18.5 Interaction between NNTPD and C News

When it receives an article, nntpd must deliver it to the news subsystem. Depending on whether the article arrived through an IHAVE or a POST command, it is handed to rnews or inews, respectively. Instead of calling rnews, you can also configure nntpd to batch the incoming articles and move the resulting batches to /var/spool/news/in.coming, where they wait for relaynews to pick them up at the next queue run.

To carry out the ihave/sendme protocol properly, nntpd must be able to access the history file. At compile time you must therefore make sure the path is set correctly. You must also make sure that C News and nntpd use the same format for the history file. C News uses dbm hashing functions to access it; however, there are many different and slightly incompatible implementations of the dbm library. If C News has been linked with a dbm library other than the one in your standard libc, you must link nntpd with that library as well.

A typical symptom of nntpd and C News disagreeing on the database format is an error message in the system log saying that nntpd could not open it properly, or duplicate articles received over NNTP. A good test is to pick an article from the spool directory, telnet to the NNTP port, and offer this article to nntpd as shown below (the lines you type are the telnet command, IHAVE and QUIT). Of course, you must replace <message-id> with the message ID of the article you want to feed to nntpd.

$ telnet localhost nntp
Trying 127.0.0.1 ...
Connected to localhost
Escape character is '^]'.
201 vstout NNTP[auth] server version 1.5.11t (16 November 1991) ready at
Sun Feb 6 16:02:32 1194 (no posting)
IHAVE <message-id>
435 Got it.
QUIT

This conversation shows the proper response of nntpd; the message "Got it" tells you that it already has this article. If you get the message "335 Ok" instead of "Got it", the lookup in the history file failed for some reason. The dialogue can be ended with Ctrl-D. You can find out what went wrong by checking the system log; nntpd logs all kinds of messages to the daemon facility of syslog. An incompatible dbm library usually shows up clearly in a message saying that dbminit failed.
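The same test without telnet, as an added Python example that is not part of the original chapter or of the nntpd package: it offers a message ID that is known to be in the spool, classifies the reply as described above, and never sends the article. The function name, the verdict strings and the placeholder message ID are assumptions of this example.

```python
import socket

def ihave_probe(sock, message_id):
    """Offer an article that is already in the spool and classify nntpd's answer.

    Returns (verdict, reply_line). The article itself is never sent.
    """
    with sock.makefile("rwb") as f:
        greeting = f.readline().decode("latin-1").strip()
        if greeting[:3] not in ("200", "201"):      # 201 = ready, no posting
            return ("unexpected-greeting", greeting)
        f.write(f"IHAVE {message_id}\r\n".encode("ascii"))
        f.flush()
        reply = f.readline().decode("latin-1").strip()
        f.write(b"QUIT\r\n")                        # end the session in every case
        f.flush()
    if reply.startswith("435"):
        return ("history-ok", reply)       # "Got it": the history lookup worked
    if reply.startswith("335"):
        return ("lookup-failed", reply)    # server asks for an article it already stores
    return ("unexpected-reply", reply)

if __name__ == "__main__":
    # Hypothetical usage: the message ID is a placeholder for one taken from your spool.
    with socket.create_connection(("localhost", 119), timeout=10) as s:
        print(ihave_probe(s, "<message-id-from-your-spool>"))
```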

Notes

[1] It is officially described in RFC 977.

[2] When an article is posted via NNTP, the server always adds at least one header field, Nntp-Posting-Host:, which contains the host name of the client.

[3] The same problem exists with SMTP, the Simple Mail Transfer Protocol.

source:

Linux free pigeon
