Configuring Access Control; Using Enhanced Nntp Authentication - HP P4535A - Web Cache Server Appliance Administrator's Manual

Chapter 3
Take a full feed for some or all groups
For all groups designated as feed, Traffic Server does not connect to the parent news server, and instead
acts like a conventional news server. In particular, if a cache miss occurs, Traffic Server does not forward
the request to a parent news server.
Full feeds can be used for very high volume groups in which most or all the articles are accessed or for
shifting article transport to a time when bandwidth is cheaper or more plentiful.
CAUTION

Configuring access control

You can configure different types of user authentication based on source domain, hostname, or IP range. These
values are set in the
Option
Allow or deny
Basic
Generic
Custom
Authentication server
Version 2 NNTP
authentication

Using enhanced NNTP authentication

Traffic Server enables you to leverage your existing directory infrastructure to perform enhanced NNTP
authentication. You might consider using this feature in cases where simple user authentication, based on
source domain, hostname, or IP range, is insufficient for the needs of your organization. For example, you
might need to base your NNTP access control policies on factors such as time of day, system load, or other
dynamic characteristics.
Traffic Server supports enhanced NNTP authentication through the use of external programs, known as
plugins, which interface directly with your directory or database. You can write or script plugins using any
language that permits you to connect to a directory or database, including PERL and C, among others. You
can position them anywhere on the network, connected by a secure tunnel if required.
Each time a user needs to be authenticated, Traffic Server connects to the authentication server, which is part
of Traffic Server, and runs the plugin.
Taking a full feed is not recommended as the server will have no way to retrieve an
article if it is lost for any reason (such as lack of space or hardware failure).
file. Here are the available options:
nntp_access.config
Description
You can simply allow or deny particular domains, hosts, or IP ranges.
This option is simple authentication based on user name and optional password.
Generic authentication allows a specified program on the authentication server
(which can be the Traffic Server host machine or a specified remote
authentication server) to communicate with an arbitrary program on the client
to do the authentication.
An arbitrary program on the authentication server (which can be the Traffic
Server host machine or a specified authentication server) can be used to do the
authentication based on the client hostname, client IP, and optionally the client
user name and password. You can use custom authentication to interface Traffic
Server to any standard or homegrown access control mechanism.
An authentication server, possibly located on a different host machine, can be
used to do the authentication (generic and custom) This enables authentication
to be centralized.
Traffic Server supports version 2 NNTP authentication. Do not use this form of
authentication unless you are certain that all of your clients use version 2
authentication.
Web Proxy Caching
20