|
I am setting up a forum (with HyperNews 1.10) on a web server that is behind a firewall AND protected with authentication, such that no one without a password can even view a given page.
Since the users are a highly trusted group that has already been authenticated, I want to minimize security on the HyperNews forum itself - i.e. anyone can post,
or change their subscription info without being a member of the forum. I have set my hnrc settings to reflect this, and also set $manualSecurity = 1 and $externalSecurity = 1.
But when test users try to post messages (for example), rather than querying for their user id's or e-mail addresses like it should, HyperNews says, "Your message will be posted using the User ID: 'xyz'. If you wish to use a different User ID, you'll need to login again", where 'xyz' is the user's ID on the web server. This clearly won't work, because HyperNews doesn't have a valid e-mail address for the person posting, so messages will go out into the vacuum.
How can I get HyperNews to realize that the poster is NOT an authenticated member of the forum and that it should query for user ID and/or e-mail address?
Thanks,
Peter S.
|
How to decouple sever/HyperNews security? 
New option needed to ignore REMOTE_USER
by liberte@hypernews.org, 2000, Feb 04
HyperNews now tries to authenticate multiple times
by pgs@segsrv.hlo.dec.com, 2000, Feb 04
Sounds like icons are authenticated
by liberte@hypernews.org, 2000, Feb 21
