+ 14 Jan 11:02:34 [23306] addr: 21:1/136@fsxnet
+ 14 Jan 11:02:34 [23306] addr: 3:770/999@fidonet
? 14 Jan 11:02:34 [23306] inconsistent pwd settings for this node
? 14 Jan 11:02:34 [23306] `letmein': incorrect password
It seems like I can't offer a node that I have setup for one Zone an option to connect to another Zone unless I use the same passwords
across all definitions? Is this correct or am I missing something?
Howdy,
It seems like I can't offer a node that I have setup for one Zone an op to connect to another Zone unless I use the same passwords
across all definitions? Is this correct or am I missing something?
Correct.
There is an implementation of binkd that authenticates against *each* address (there is a flag for it, but it escapes me) - but I dont think
any implementation of binkp protocol does it.
So the authentiction is done against the first address presented, and validated with each addtional address to determine if mail for those addresses should also be sent to this authenticated caller.
+ 14 Jan 11:02:34 [23306] addr: 21:1/136@fsxnet
+ 14 Jan 11:02:34 [23306] addr: 3:770/999@fidonet
? 14 Jan 11:02:34 [23306] inconsistent pwd settings for this node
? 14 Jan 11:02:34 [23306] `letmein': incorrect password
in the above case I have a node in Zone 21 defined in BinkD and a
password etc. all set up.
The node has then flown a fidonet test aka 3:770/999 that I have a definition for also in BinkD
node 3:770/999@fidonet noname.com letmein h /hub/filebox/fidonet_z3n770n999
The passwords between Zone 21 definition in BinkD for this node and the test Fido aka are not the same.
It seems like I can't offer a node that I have setup for one Zone an option to connect to another Zone unless I use the same passwords across all definitions? Is this correct or am I missing something?
Yes, that is another problem with binkp's flawed security model.
I this use case one could try to use the perl-hooks for an workaround. Simplest solution would be to check for the test AKA and then
only present the relevant Fido AKA (and drop all your other AKAs). So call from 3:770/999 only returns 3:770/100.
The problem with this workaround is, that the node cannot receive any other mails (from FSX) if ith's polling its mails, as long as the
test AKA is configured. So could make the perl script a bit more complicated and check, if there is anything in your outbound for
3:770/999 and if the outbound is empty, drop the Fido AKA.
You dont need a perl script to hide AKA's - it's a config option.
Although IIRC, you were playing with a perl script that enhanced the hide AKA option that binkd provides.
On FSX Hub 3, it's a hub for multiple networks, but when anybody in FSX connects to it, it'll hide the AKA's for the other networks that are not common with the hub.
The side effect is, if more than 1 address is in
common (and thus presented), then the password must be the same for each, otherwise you get that "invalid password" type message.
There is an implementation of binkd that authenticates against
*each* address (there is a flag for it, but it escapes me) - but I
dont think any implementation of binkp protocol does it.
If anyone knows that version, please sing out.
Sysop: | Eric Oulashin |
---|---|
Location: | Beaverton, Oregon, USA |
Users: | 93 |
Nodes: | 16 (1 / 15) |
Uptime: | 04:41:43 |
Calls: | 5,157 |
Calls today: | 2 |
Files: | 8,492 |
Messages: | 352,739 |