This library takes no arguments because it does nothing.
This library takes the syslog facility and/or priority as argument. Example:
alias syslog1 acct_syslog.so local3 alias syslog2 acct_syslog.so news.crit alias syslog3 acct_syslog.so user.info
If no priority is specified then .info is used. If no facility is specified then auth is used. This means if you don't specify a facility/priority at all the default will be auth.info. In the above first example accounting data is logged to local3.info.
The client username is logged together with number of bytes downloaded, number of groups, number of articles, number of posts and postbytes. An example syslog accounting entry looks like this:
Mar 11 23:36:31 hostname nntpswitchd[13087]: accounting_entry: username 56427506 169 2 1 7620
This means the user username has downloaded 56MB in 169 articles. This user has joined 2 newsgroups and made 1 7.6kb post.
The argument to this library is the name of the passwordfile. It's pretty stupid but it's plaintext. It contains a line of text which is should be OK or any other text which is passed to the client if the authorization is denied. Example usage:
alias supportnet auth_passwd.so /etc/passwd.supportnet
The password file looks like:
guest:guest:No guest login allowed test:secret:OK john:g3he1m:Account Disabled whatever:password:OK
This library can be used to proxy the authentication information to a POP3 server. The argument is the hostname of the server followed by the portnumber. Example:
alias support.net auth_pop3.so mail.support.net:110
The pattern from which this authentication module is matched is stripped from the username part. So if the user logs in initially with "user@example", the username passed to the POP3 server will be only "user". considering an Authenticator match like
*@example AuthExample AcctExample ExampleProfile
This is almost the same as the pop3 authentication library except that this connects to a remote NNTP server instead of a POP3 server.
The argument to this library can be "true" or anything else to make it "false". If it's false the authentication is denied, if it is true the authentication is accepted. Regardless of what the user entered for username and password.
This library is for PostgreSQL authorization. The argument is a PostgreSQL connect string for example:
alias dbUsers auth_postgres.so hostaddr=192.168.1.1 dbname=users user=test
The pattern from which this authentication module is matched is stripped from the username part.
This module is quite simple and probably needs some hacking to suit your needs. By default it reads the fields "login" and "password" from a table named "users". An example database layout looks like:
create table users (
login varchar(32),
password varchar(32)
);
Look for MySQL notes at the PostgreSQL. Basically the connect string from postgres is emulated but the only supported fields are hostname, dbname, username and password. A sample alias looks like:
alias dbUsers auth_mysql.so hostname=192.168.1.1 dbname=users user=test password=test
The connect string can be separated by spaced, commas or collons. The database query is again quite simple and might need some hacking.
The radius module obviously connects to a radius server. The hostname or ip address and the secret are the only two arguments to this module:
alias radUsers auth_radius.so radiusd1.example.com:l33ts3cr3t
This module was originally submitted by ADS of Voicenet, thanks!
The specification of this module is the same as the radius authorization module:
alias radacct acct_radius.so radiuslog1.example.com:mysecret
Everything possibly interresting item is currently logged. At the moment only stop records are sent. Future versions will probably support Start and Intermediate records too.
This is a summary of attributes logged. Not all radius servers support logging of NAS-Port if the client is not first authenticated so that's commented out by default in de source.
Table 1. Radius Accounting Parameters
| Framed-IP-Address | The IP Address of the client |
| Acct-Session-Time | Total time in seconds this client was connected |
| Acct-Input-Packets | The number of articles downloaded. |
| Acct-Input-Octets | The number of bytes downloaded. |
| Acct-Output-Packets | The number of articles posted. |
| Acct-Output-Octets | The number of bytes posted. |