--- /dev/null
+## $Id$
+##
+## readers.conf - Access control and configuration for nnrpd
+##
+## Format:
+## auth "<name>" {
+## hosts: "<hostlist>"
+## auth: "<authprog>"
+## res: "<resprog>"
+## default: "<identity>"
+## default-domain: "<email-domain>"
+## }
+## access "<name>" {
+## users: "<userlist>"
+## newsgroups: "<newsgroups>"
+## read: "<read>"
+## post: "<post>"
+## access: "<perm>"
+## }
+##
+## Other parameters are possible. See readers.conf(5) for all the
+## details. Only one of newsgroups or read/post may be used in a single
+## access group.
+##
+## If the connecting host is not matched by any hosts: parameter of any
+## auth group, it will be denied access. auth groups assign an identity
+## string to connections, access groups grant privileges to identity
+## strings matched by their users: parameters.
+##
+## In all cases, the last match found is used, so put defaults first.
+##
+## For a news server that allows connections from anyone within a
+## particular domain or IP address range, just uncomment the "local" auth
+## group and the "local" access group below and adjust the hosts: and
+## default: parameters of the auth group and the users: parameter of the
+## access group for your local network and domain name. That's all there
+## is to it.
+##
+## For more complicated configurations, read the comments on the examples
+## and also see the examples and explanations in readers.conf(5). The
+## examples in readers.conf(5) include setups that require the user to
+## log in with a username and password (the example in this file only
+## uses simple host-based authentication).
+
+# The only groups enabled by default (the rest of this file is
+# commented-out examples). This assigns the identity of <localhost> to
+# the local machine
+
+auth "localhost" {
+ hosts: "localhost, 127.0.0.1, ipv6-localhost, ::1, stdin"
+ default: "<localhost>"
+}
+
+# Grant that specific identity access to read and post to any newsgroup.
+
+access "localhost" {
+ users: "<localhost>"
+ newsgroups: "*"
+}
+
+
+# This auth group matches all connections from example.com or machines in
+# the example.com domain and gives them the identity <local>@example.com.
+# Instead of using wildmat patterns to match machine names, you could also
+# put a wildmat pattern matching IP addresses or an IP range specified
+# using CIDR notation (like 10.10.10.0/24) here.
+
+#auth "local" {
+# hosts: "*.example.com, example.com"
+# default: "<local>@example.com"
+#}
+
+# This auth group matches a subset of machines and assigns connections
+# from there an identity of "<read>@example.com"; these systems should
+# only have read access, no posting privileges.
+
+#auth "read-only" {
+# hosts: "*.newuser.example.com"
+# default: "<read>@example.com"
+#}
+
+# This auth group matches the systems at a guest institution that should
+# be allowed to read the example.events.* hierarchy but nothing else.
+
+#auth "events-only" {
+# hosts: "*.example.org"
+# default: "<events-only>@example.org"
+#}
+
+# Finally, this auth group matches some particular systems which have been
+# abusing the server. Note that it doesn't assign them an identity at
+# all; the "empty" identity created in this fashion won't match any users:
+# parameters. Note also that it's last, so anything matching this entry
+# will take precedent over everything above it.
+
+#auth "abusers" {
+# hosts: "badguy-dsl.example.com, kiosk.public-access.example.com"
+#}
+
+
+# Now for the access groups. All of our access groups should have users:
+# parameters so there are no access groups that match connections without
+# an identity (such as are generated by the "abusers" entry above).
+# First, the default case of local users, who get to read and post to
+# everything.
+
+#access "local" {
+# users: "<local>@example.com"
+# newsgroups: "*"
+#}
+
+# Now, the read-only folks, who only get to read everything.
+
+#access "read-only" {
+# users: "<read>@example.com"
+# read: "*"
+#}
+
+# Finally, the events-only people who get to read and post but only to a
+# specific hierarchy.
+
+#access "events-only" {
+# users: "<events-only>@example.org"
+# newsgroups: "example.events.*"
+#}