Index: isc/inn/authprogs/Makefile diff -u isc/inn/authprogs/Makefile:1.1.1.1 isc/inn/authprogs/Makefile:1.2 --- isc/inn/authprogs/Makefile:1.1.1.1 Fri Apr 9 12:35:10 2004 +++ isc/inn/authprogs/Makefile Sat Apr 10 12:29:24 2004 @@ -5,19 +5,20 @@ top = .. CFLAGS = $(GCFLAGS) -ALL = auth_smb ckpasswd domain ident radius $(KRB5_AUTH) +ALL = auth_smb ckpasswd domain ident radius $(KRB5_AUTH) mcpasswd LIBSMB = smbval/smbvalid.a LIBAUTH = libauth.o SOURCES = auth_krb5.c auth_smb.c ckpasswd.c domain.c ident.c libauth.c \ - radius.c + radius.c mcpasswd INSTALLED = $(D)$(PATHAUTHPASSWD)/auth_smb \ $(D)$(PATHAUTHPASSWD)/ckpasswd \ - $(D)$(PATHAUTHPASSWD)/radius \ - $(D)$(PATHAUTHRESOLV)/domain \ + $(D)$(PATHAUTHPASSWD)/radius \ + $(D)$(PATHAUTHPASSWD)/mcpasswd \ + $(D)$(PATHAUTHRESOLV)/domain \ $(D)$(PATHAUTHRESOLV)/ident all: $(LIBSMB) $(LIBAUTH) $(ALL) @@ -39,13 +40,17 @@ ## Compilation rules. +CFLAGS += -I/usr/local/include/db41 + LINK = $(LIBLD) $(LDFLAGS) -o $@ NEWSLIBS = $(LIBINN) $(LIBS) AUTHLIBS = $(LIBAUTH) $(LIBINN) $(LIBS) +DBLIBS = /usr/local/lib/libdb41.so CK_LIBS = $(CRYPTLIB) $(SHADOWLIB) $(PAMLIB) $(DBMLIB) $(AUTHLIBS) SMB_LIBS = $(LIBSMB) $(AUTHLIBS) KRB5_LIBS = $(AUTHLIBS) $(KRB5LIB) +MC_LIBS = ../nnrpd/userdb.o auth_krb5: auth_krb5.o $(LIBAUTH) ; $(LINK) auth_krb5.o $(KRB5_LIBS) auth_smb: auth_smb.o $(LIBSMB) ; $(LINK) auth_smb.o $(SMB_LIBS) @@ -53,6 +58,7 @@ domain: domain.o $(LIBAUTH) ; $(LINK) domain.o $(AUTHLIBS) ident: ident.o $(LIBAUTH) ; $(LINK) ident.o $(AUTHLIBS) radius: radius.o $(AUTH_INN) ; $(LINK) radius.o $(AUTHLIBS) +mcpasswd: mcpasswd.o $(MC_LIBS) ; $(LINK) mcpasswd.o $(MC_LIBS) -L/usr/local/lib -ldb41 $(LIBINN): ; (cd ../lib ; $(MAKE)) $(LIBSTORAGE): ; (cd ../storage ; $(MAKE)) 
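Review bot: The `SOURCES` continuation line in the first hunk adds `mcpasswd` without a suffix, while every other entry in that list is a `.c` file; it should read `radius.c mcpasswd.c`. Whatever consumes `SOURCES` lies outside these hunks (presumably dependency or tag generation), so the effect of the bare name cannot be confirmed from here. The `radius` and `domain` entries of `INSTALLED` are also removed and re-added with no visible change, which looks like whitespace churn that could be dropped from the commit.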
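Review bot: `CFLAGS += -I/usr/local/include/db41` and `DBLIBS = /usr/local/lib/libdb41.so` in the second hunk hard-code one host's Berkeley DB location, and the `CFLAGS` addition applies to every authenticator built in this directory, not only mcpasswd. `DBLIBS` is not referenced by any visible rule; the mcpasswd link line in the third hunk repeats `-L/usr/local/lib -ldb41` literally instead. `MC_LIBS = ../nnrpd/userdb.o` also makes a password-checking program depend on an object in another directory that no rule shown here builds. I would take the include and library locations from build configuration and use one variable on the link line, for example `mcpasswd: mcpasswd.o $(MC_LIBS) ; $(LINK) mcpasswd.o $(MC_LIBS) $(DBLIBS)`.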
@@ -72,6 +78,7 @@ $(D)$(PATHAUTHPASSWD)/auth_smb: auth_smb ; $(LI_XPUB) $? $@ $(D)$(PATHAUTHPASSWD)/ckpasswd: ckpasswd ; $(LI_XPUB) $? $@ $(D)$(PATHAUTHPASSWD)/radius: radius ; $(LI_XPUB) $? $@ +$(D)$(PATHAUTHPASSWD)/mcpasswd: mcpasswd ; $(LI_XPUB) $? $@ $(D)$(PATHAUTHRESOLV)/domain: domain ; $(LI_XPUB) $? $@ $(D)$(PATHAUTHRESOLV)/ident: ident ; $(LI_XPUB) $? $@ Index: isc/inn/authprogs/mcpasswd.c diff -u /dev/null isc/inn/authprogs/mcpasswd.c:1.1 --- /dev/null Sat Apr 10 12:34:08 2004 +++ isc/inn/authprogs/mcpasswd.c Sat Apr 10 12:29:24 2004 
@@ -0,0 +1,104 @@
+/*
+ * mcpasswd.c - used as interface to nnrpd for authentication of users
+ *
+ * Read this on stdin:
+ *
+ * N:ClientHost: hostname\r
+ * N:ClientIP: IP-address\r
+ * N:LocalIP: IP-address\r
+ * N:LocalPort: port\r
+ * N:ClientAuthname: username\r
+ * N:ClientPassword: password\r
+ * N:.\r
+ *
+ * Return:
+ *
+ * User:username\r
+ *
+ * mc@hack.org
+*/
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define SMBUF 128
+#define NAMESTR "ClientAuthname: "
+#define PASSSTR "ClientPassword: "
+
+int
+main(int argc, char *argv[])
+{
+ extern char *optarg;
+ int opt;
+ char s[1024];
+ char uname[1024], pass[1024];
+ char *fname;
+ struct user user;
+
+ if (argc < 2)
+ exit(1);
+
+ while ((opt = getopt(argc, argv, "f:")) != -1)
+ {
+ switch (opt)
+ {
+ case 'f':
+ fname = optarg;
+ break;
+ }
+ }
+
+ /* Read from stdin */
+
+ while (NULL != fgets(s, sizeof(s) - 1, stdin))
+ {
+ if (0 == strncmp(s, NAMESTR, strlen(NAMESTR)))
+ {
+ strcpy(uname, s + sizeof(NAMESTR) - 1);
+ /* Shave off CRLF */
+ if ('\n' == uname[strlen(uname) - 1])
+ {
+ uname[strlen(uname) - 1] = '\0';
+ }
+ if ('\r' == uname[strlen(uname) - 1])
+ {
+ uname[strlen(uname) - 1] = '\0';
+ }
+ }
+ if (0 == strncmp(s, PASSSTR, strlen(PASSSTR)))
+ {
+ strcpy(pass, s + sizeof(PASSSTR) - 1);
+ if ('\n' == pass[strlen(pass) - 1])
+ {
+ pass[strlen(pass) - 1] = '\0';
+
+ }
+ if ('\r' == pass[strlen(pass) - 1])
+ {
+ pass[strlen(pass) - 1] = '\0';
+ }
+ }
+ }
+
+ if (!uname[0] || !pass[0])
+ {
+ exit(3);
+ }
+
+ if (db_getuser(uname, &user))
+ {
+ if (0 == strcmp(user.password, pass))
+ {
+ printf("User:%s <%s>\n", user.fullname, user.address);
+ exit(0);
+ }
+ }
+
+ fprintf(stderr, "mcpasswd: user login failed.\n");
+ exit(1);
+}
Index: isc/inn/doc/man/inn.conf.5
diff -u isc/inn/doc/man/inn.conf.5:1.1.1.1 isc/inn/doc/man/inn.conf.5:1.2
--- isc/inn/doc/man/inn.conf.5:1.1.1.1 Fri Apr 9 12:35:10 2004
+++ isc/inn/doc/man/inn.conf.5 Sat Apr 10 12:29:24 2004
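Review bot: `uname` and `pass` are never initialised, so `if (!uname[0] || !pass[0])` reads indeterminate stack bytes whenever stdin lacks a ClientAuthname or ClientPassword line, and the CRLF stripping indexes `strlen(x) - 1` without checking for zero length. For an empty value the `\n` removal leaves an empty string and the following `\r` test then reads (and may write) before the start of the buffer. Both paths are driven by what the connecting client sends, so the buffers should start empty and each strip should be guarded on a non-zero length, as sketched below. `fname` is assigned from `-f` but never used in this file, so the option has no visible effect. `strcmp(user.password, pass)` suggests the user database holds cleartext passwords, and `fullname`/`address` are printed unfiltered into the `User:` reply, so a CR or LF stored in either would presumably add lines to what nnrpd parses; both are worth confirming against userdb.

```c
    char uname[1024] = "", pass[1024] = "";
    /* … unchanged: argc check, getopt loop, fgets loop header … */
        if (0 == strncmp(s, NAMESTR, strlen(NAMESTR)))
        {
            size_t len;

            strcpy(uname, s + sizeof(NAMESTR) - 1);
            /* Shave off CRLF; len > 0 guards the empty-value case */
            len = strlen(uname);
            if (len > 0 && '\n' == uname[len - 1])
                uname[--len] = '\0';
            if (len > 0 && '\r' == uname[len - 1])
                uname[--len] = '\0';
        }
        /* … same length-guarded strip for pass in the PASSSTR branch … */
    /* … unchanged: empty check, db_getuser lookup, result output … */
```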
@@ -1,8 +1,12 @@ -.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13 -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sh \" Subsection heading +.rn '' }` +''' $RCSfile: inn.conf.5,v $$Revision: 1.1 $$Date: 2003/12/11 20:19:22 $ +''' +''' $Log: inn.conf.5,v $ +''' Revision 1.1 2003/12/11 20:19:22 mc +''' Initial revision +''' +''' +.de Sh .br .if t .Sp .ne 5 
@@ -10,98 +14,150 @@ \fB\\$1\fR .PP .. -.de Sp \" Vertical space (when we can't use .PP) +.de Sp .if t .sp .5v .if n .sp .. -.de Vb \" Begin verbatim text +.de Ip +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb .ft CW .nf .ne \\$1 .. -.de Ve \" End verbatim text +.de Ve .ft R + .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. +''' +''' +''' Set up \*(-- to give an unbreakable dash; +''' string Tr holds user defined translation string. +''' Bell System Logo is used as a dummy character. +''' .tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" +.ds -- \(*W- +.ds PI pi +.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +.ds L" "" +.ds R" "" +''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of +''' \*(L" and \*(R", except that they are used on ".xx" lines, +''' such as .IP and .SH, which do another additional levels of +''' double-quote interpretation +.ds M" """ +.ds S" """ +.ds N" """"" +.ds T" """"" +.ds L' ' +.ds R' ' +.ds M' ' +.ds S' ' +.ds N' ' +.ds T' ' 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. 
ds R" '' +.ds -- \(em\| +.tr \*(Tr +.ds L" `` +.ds R" '' +.ds M" `` +.ds S" '' +.ds N" `` +.ds T" '' +.ds L' ` +.ds R' ' +.ds M' ` +.ds S' ' +.ds N' ` +.ds T' ' +.ds PI \(*p 'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" If the F register is turned on, we'll generate +.\" index entries out stderr for the following things: +.\" TH Title +.\" SH Header +.\" Sh Subsection +.\" Ip Item +.\" X<> Xref (embedded +.\" Of course, you have to process the output yourself +.\" in some meaninful fashion. +.if \nF \{ +.de IX +.tm Index:\\$1\t\\n%\t"\\$2" .. -. nr % 0 -. rr F +.nr % 0 +.rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 +.TH inn.conf 5 "INN 2.4.0" "16/Oct/2003" "InterNetNews Documentation" +.UC +.if n .hy 0 .if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.de CQ \" put $1 in typewriter font +.ft CW +'if n "\c +'if t \\&\\$1\c +'if n \\&\\$1\c +'if n \&" +\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 +'.ft R +.. +.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 +. \" AM - accent mark definitions +.bd B 3 +. \" fudge factors for nroff and troff .if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP .\} .if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& .\} -. 
\" simple accents for nroff and troff +. \" simple accents for nroff and troff .if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds ? ? +. ds ! ! +. ds / +. ds q .\} .if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' +. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' .\} -. \" troff and (daisy-wheel) nroff accents +. \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] +.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' +.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' +.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' 
@@ -109,83 +165,82 @@ .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff +.ds oe o\h'-(\w'o'u*4/10)'e +.ds Oe O\h'-(\w'O'u*4/10)'E +. \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) +. \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE +. ds : e +. ds 8 ss +. ds v \h'-1'\o'\(aa\(ga' +. ds _ \h'-1'^ +. ds . \h'-1'. +. ds 3 3 +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +. ds oe oe +. ds Oe OE .\} .rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "INN.CONF 5" -.TH INN.CONF 5 "2003-09-07" "INN 2.4.1" "InterNetNews Documentation" .SH "NAME" inn.conf \- Configuration data for InterNetNews programs .SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fIinn.conf\fR in \fIpathetc\fR is the primary general configuration file for +\fIinn.conf\fR in \fIpathetc\fR is the primary general configuration file for all InterNetNews programs. Settings which control the general operation of various programs, as well as the paths to all portions of the news -installation, are found here. The \s-1INNCONF\s0 environment variable, if set, +installation, are found here. The INNCONF environment variable, if set, specifies an alternate path to \fIinn.conf\fR. .PP This file is intended to be fairly static. Any changes made to it will generally not affect any running programs until they restart. 
Unlike nearly every other configuration file, \fIinn.conf\fR cannot be reloaded dynamically using \fIctlinnd\fR\|(8); \fIinnd\fR\|(8) must be stopped and restarted for -relevant changes to \fIinn.conf\fR to take effect (\f(CW\*(C`ctlinnd xexec innd\*(C'\fR is +relevant changes to \fIinn.conf\fR to take effect (\f(CWctlinnd xexec innd\fR is the fastest way to do this.) .PP -Blank lines and lines starting with a number sign (\f(CW\*(C`#\*(C'\fR) are ignored. All +Blank lines and lines starting with a number sign (\f(CW#\fR) are ignored. All other lines specify parameters, and should be of the following form: .PP .Vb 1 \& : .Ve -.PP (Any amount of whitespace can be put after the colon and is optional.) If -the value contains embedded whitespace or any of the characers \f(CW\*(C`[]<\*(C'\fR\*(L"\e:>, -it must be enclosed in double quotes (\*(R""). A backslash (\f(CW\*(C`\e\*(C'\fR) can be used +the value contains embedded whitespace or any of the characers \f(CW[]<\fR"\e:>, +it must be enclosed in double quotes (""). A backslash (\f(CW\e\fR) can be used to escape quotes and backslashes inside double quotes. is -case\-sensitive; \f(CW\*(C`server\*(C'\fR is not the same as \f(CW\*(C`Server\*(C'\fR or \f(CW\*(C`SERVER\*(C'\fR. +case-sensitive; \f(CWserver\fR is not the same as \f(CWServer\fR or \f(CWSERVER\fR. (\fIinn.conf\fR parameters are generally all in lowercase.) .PP If occurs more than once in the file, the first value is used. Some parameters specified in the file may be overridden by environment variables. Most parameters have default values if not specified in -\&\fIinn.conf\fR; those defaults are noted in the description of each +\fIinn.conf\fR; those defaults are noted in the description of each parameter. .PP Many parameters take a boolean value. 
For all such parameters, the value -may be specified as \f(CW\*(C`true\*(C'\fR, \f(CW\*(C`yes\*(C'\fR, or \f(CW\*(C`on\*(C'\fR to turn it on and may be any -of \f(CW\*(C`false\*(C'\fR, \f(CW\*(C`no\*(C'\fR, or \f(CW\*(C`off\*(C'\fR to turn it off. The case of these values is +may be specified as \f(CWtrue\fR, \f(CWyes\fR, or \f(CWon\fR to turn it on and may be any +of \f(CWfalse\fR, \f(CWno\fR, or \f(CWoff\fR to turn it off. The case of these values is significant. .PP This documentation is extremely long and organized as a reference manual -rather than as a tutorial. If this is your first exposure to \s-1INN\s0 and +rather than as a tutorial. If this is your first exposure to INN and these parameters, it would be better to start by reading other man pages and referring to this one only when an \fIinn.conf\fR parameter is explicitly mentioned. Those parameters which need to be changed when setting up a -new server are discussed in \fI\s-1INSTALL\s0\fR. +new server are discussed in \fIINSTALL\fR. .SH "PARAMETERS" -.IX Header "PARAMETERS" .Sh "General Settings" -.IX Subsection "General Settings" These parameters are used by a wide variety of different components of -\&\s-1INN\s0. -.IP "\fIdomain\fR" 4 -.IX Item "domain" +\s-1INN\s0. +.Ip "\fIdomain\fR" 4 This should be the domain name of the local host. It should not have a leading period, and it should not be a full host address. It is used only if the \fIGetFQDN()\fR routine in \fIlibinn\fR\|(3) cannot get the fully-qualified 
@@ -193,23 +248,20 @@ The check is very simple; if either routine returns a name with a period in it, then it is assumed to have the full domain name. As this parameter is rarely used, do not use it to affect the righthand side of -autogenerated Message\-IDs; see instead \fIvirtualhost\fR and \fIdomain\fR in -readers.conf. The default value is unset. -.IP "\fIinnflags\fR" 4 -.IX Item "innflags" +autogenerated Message-IDs; see instead \fIdomain\fR in the \fIreaders.conf\fR manpage. +The default value is unset. +.Ip "\fIinnflags\fR" 4 The flags to pass to innd on startup. See \fIinnd\fR\|(8) for details on the possible flags. The default value is unset. -.IP "\fImailcmd\fR" 4 -.IX Item "mailcmd" +.Ip "\fImailcmd\fR" 4 The path to the program to be used for mailing reports and control messages. The default is \fIpathbin\fR/innmail. This should not normally need to be changed. -.IP "\fImta\fR" 4 -.IX Item "mta" +.Ip "\fImta\fR" 4 The command to use when mailing postings to moderators and for the use of -\&\fIinnmail\fR\|(1). The message, with headers and an added To: header, will be +\fIinnmail\fR\|(1). The message, with headers and an added To: header, will be piped into this program. The string \f(CW%s\fR, if present, will be replaced -by the e\-mail address of the moderator. It's strongly recommended for +by the e-mail address of the moderator. It's strongly recommended for this command to include \f(CW%s\fR on the command line rather than use the addresses in the To: and Cc: headers of the message, since the latter approach allows the news server to be abused as a mechanism to send mail 
@@ -217,10 +269,9 @@ no default value for this parameter; it must be set in \fIinn.conf\fR or a fatal error message will be logged via syslog. .Sp -For most systems, \f(CW\*(C`/usr/lib/sendmail \-oi \-oem %s\*(C'\fR (adjusted for the +For most systems, \f(CW/usr/lib/sendmail -oi -oem %s\fR (adjusted for the correct path to sendmail) is a good choice. -.IP "\fIpathhost\fR" 4 -.IX Item "pathhost" +.Ip "\fIpathhost\fR" 4 What to put into the Path: header to represent the local site. This is added to the Path: header of all articles that pass through the system, including locally posted articles, and is also used when processing some 
@@ -228,47 +279,38 @@ no default value; this parameter must be set in \fIinn.conf\fR or \s-1INN\s0 will not start. A good value to use is the fully-qualified hostname of the system. -.IP "\fIserver\fR" 4 -.IX Item "server" +.Ip "\fIserver\fR" 4 The name of the default \s-1NNTP\s0 server. If \fInnrpdposthost\fR is not set and -\&\s-1UNIX\s0 domain sockets are not supported, \fInnrpd\fR\|(8) tries to hand off +\s-1UNIX\s0 domain sockets are not supported, \fInnrpd\fR\|(8) tries to hand off locally-posted articles through an \s-1INET\s0 domain socket to this server. -\&\fIactsync\fR\|(8), \fInntpget\fR\|(8), and \fIgetlist\fR\|(8) also use this value as the default +\fIactsync\fR\|(8), \fInntpget\fR\|(8), and \fIgetlist\fR\|(8) also use this value as the default server to connect to. In the latter cases, the value of the \s-1NNTPSERVER\s0 environment variable, if it exists, overrides this. The default value is unset. .Sh "Feed Configuration" -.IX Subsection "Feed Configuration" These parameters govern incoming and outgoing feeds: what size of articles are accepted, what filtering and verification is performed on them, whether articles in groups not carried by the server are still stored and propagated, and other similar settings. -.IP "\fIartcutoff\fR" 4 -.IX Item "artcutoff" +.Ip "\fIartcutoff\fR" 4 Articles older than this number of days are dropped. This setting should -probably match the setting on the \f(CW\*(C`/remember/\*(C'\fR line in \fIexpire.ctl\fR. +probably match the setting on the \f(CW/remember/\fR line in \fIexpire.ctl\fR. The default value is \f(CW10\fR. -.IP "\fIbindaddress\fR" 4 -.IX Item "bindaddress" +.Ip "\fIbindaddress\fR" 4 Which \s-1IP\s0 address \fIinnd\fR\|(8) should bind itself to. This must be in -dotted-quad format (nnn.nnn.nnn.nnn). If set to \f(CW\*(C`all\*(C'\fR or not set, innd +dotted-quad format (nnn.nnn.nnn.nnn). If set to \f(CWall\fR or not set, innd defaults to listening on all interfaces. 
The value of the -\&\s-1INND_BIND_ADDRESS\s0 environment variable, if set, overrides this setting. +\s-1INND_BIND_ADDRESS\s0 environment variable, if set, overrides this setting. The default value is unset. -.IP "\fIbindaddress6\fR" 4 -.IX Item "bindaddress6" +.Ip "\fIbindaddress6\fR" 4 Like \fIbindaddress\fR but for IPv6 sockets. If only one of the \fIbindaddress\fR and \fIbindaddress6\fR parameters is used, then only the socket for the corresponding address family is created. If both parameters are used then two sockets are created. If neither of them is used, the list of sockets to listen on will be determined by the system library -\&\fI\fIgetaddrinfo\fI\|(3)\fR function. The value of the \s-1INND_BIND_ADDRESS6\s0, if set, +\fIgetaddrinfo(3)\fR function. The value of the \s-1INND_BIND_ADDRESS6\s0, if set, overrides this setting. The default value is unset. -.Sp -Note that you will generally need to put double quotes ("") around this -value if you set it, since IPv6 addresses contain colons. -.IP "\fIhiscachesize\fR" 4 -.IX Item "hiscachesize" +.Ip "\fIhiscachesize\fR" 4 If set to a value other than \f(CW0\fR, a hash of recently received message IDs is kept in memory to speed history lookups. The value is the amount of memory to devote to the cache in kilobytes. The cache is only used for @@ -277,8 +319,7 @@ are badly delayed. A good value for a system with more than one incoming feed is \f(CW256\fR; systems with only one incoming feed should probably leave this at \f(CW0\fR. The default value is \f(CW0\fR. -.IP "\fIignorenewsgroups\fR" 4 -.IX Item "ignorenewsgroups" +.Ip "\fIignorenewsgroups\fR" 4 Whether newsgroup creation control messages (newgroup and rmgroup) should be fed as if they were posted to the newsgroup they are creating or deleting rather than to the newsgroups listed in the Newsgroups: header. 
@@ -288,16 +329,14 @@ for routing control messages to peers when they are posted to irrelevant newsgroups that shouldn't be matched against the peer's desired newsgroups in \fInewsfeeds\fR. This is a boolean value and the default is false. -.IP "\fIimmediatecancel\fR" 4 -.IX Item "immediatecancel" +.Ip "\fIimmediatecancel\fR" 4 When using the timecaf storage method, article cancels are normally just cached to be cancelled, not cancelled immediately. If this is set to true, they will instead by cancelled as soon as the cancel is processed. This is a boolean value and the default is false. .Sp This setting is ignored unless the timecaf storage method is used. -.IP "\fIlinecountfuzz\fR" 4 -.IX Item "linecountfuzz" +.Ip "\fIlinecountfuzz\fR" 4 If set to something other than \f(CW0\fR, the line count of the article is checked against the Lines: header of the article (if present) and the artice is rejected if the values differ by more than this amount. A 
@@ -305,50 +344,43 @@ plus one (some injection software calculates the Lines: header before adding the signature). The default value is \f(CW0\fR, which tells \s-1INN\s0 not to check the Lines: header of incoming articles. -.IP "\fImaxartsize\fR" 4 -.IX Item "maxartsize" +.Ip "\fImaxartsize\fR" 4 The maximum size of article (headers and body) that will be accepted by the server, in bytes. A value of \f(CW0\fR allows any size of article. The default value is \f(CW1000000\fR (approximately 1 \s-1MB\s0). See also -\&\fIlocalmaxartsize\fR. -.IP "\fImaxconnections\fR" 4 -.IX Item "maxconnections" +\fIlocalmaxartsize\fR. +.Ip "\fImaxconnections\fR" 4 The maximum number of incoming \s-1NNTP\s0 connections \fIinnd\fR\|(8) will accept. The default value is \f(CW50\fR. -.IP "\fIpathalias\fR" 4 -.IX Item "pathalias" +.Ip "\fIpathalias\fR" 4 If set, this value is prepended to the Path: header of accepted posts (before \fIpathhost\fR) if it doesn't already appear in the Path: header. The main purpose of this parameter is to configure all news servers within a particular organization to add a common identity string to the Path: header. The default value is unset. -.IP "\fIpgpverify\fR" 4 -.IX Item "pgpverify" +.Ip "\fIpgpverify\fR" 4 Whether to enable \s-1PGP\s0 verification of control messages other than cancel. This is a boolean value and the default is based on whether configure found pgp, pgpv, or gpgv. -.IP "\fIport\fR" 4 -.IX Item "port" +.Ip "\fIport\fR" 4 What \s-1TCP\s0 port \fIinnd\fR\|(8) should listen on. The default value is \f(CW119\fR, the standard \s-1NNTP\s0 port. -.IP "\fIrefusecybercancels\fR" 4 -.IX Item "refusecybercancels" +.Ip "\fIrefusecybercancels\fR" 4 Whether to refuse all articles whose message IDs start with -\&\f(CW\*(C`\*(C'\fR, \f(CW\*(C`|\*(C'\fR, or \f(CW\*(C`:\*(C'\fR. This is a +looking for lines beginning with \f(CW>\fR, \f(CW|\fR, or \f(CW:\fR. This is a boolean value and the default is false. 
-.IP "\fIcomplaints\fR" 4 -.IX Item "complaints" -The value of the X\-Complaints\-To: header added to all local posts. The -default is the newsmaster's e\-mail address. (If the newsmaster, selected -at configure time and defaulting to \f(CW\*(C`usenet\*(C'\fR, doesn't contain \f(CW\*(C`@\*(C'\fR, the -address will consist of the newsmaster, a \f(CW\*(C`@\*(C'\fR, and the value of -\&\fIfromhost\fR.) -.IP "\fIfromhost\fR" 4 -.IX Item "fromhost" -Contains a domain used to construct e\-mail addresses. The address of the +.Ip "\fIcomplaints\fR" 4 +The value of the X\-Complaints-To: header added to all local posts. The +default is the newsmaster's e-mail address. (If the newsmaster, selected +at configure time and defaulting to \f(CWusenet\fR, doesn't contain \f(CW@\fR, the +address will consist of the newsmaster, a \f(CW@\fR, and the value of +\fIfromhost\fR.) +.Ip "\fIfromhost\fR" 4 +Contains a domain used to construct e-mail addresses. The address of the local news administrator will be given as @\fIfromhost\fR, where -is the newsmaster user set at compile time (\f(CW\*(C`usenet\*(C'\fR by default). This +is the newsmaster user set at compile time (\f(CWusenet\fR by default). This setting will also be used by \fImailpost\fR\|(8) to fully qualify addresses and by -\&\fIinews\fR\|(1) to generate the Sender: header (and From: header if missing). +\fIinews\fR\|(1) to generate the Sender: header (and 
From: header if missing). The value of the \s-1FROMHOST\s0 environment variable, if set, overrides this setting. The default is the fully-qualified domain name of the local host. -.IP "\fIlocalmaxartsize\fR" 4 -.IX Item "localmaxartsize" +.Ip "\fIlocalmaxartsize\fR" 4 The maximum article size (in bytes) for locally posted articles. Articles larger than this will be rejected. See also \fImaxartsize\fR, which applies to all articles including those posted locally. The default value is -\&\f(CW1000000\fR (approximately 1 \s-1MB\s0). -.IP "\fImoderatormailer\fR" 4 -.IX Item "moderatormailer" +\f(CW1000000\fR (approximately 1 \s-1MB\s0). +.Ip "\fImoderatormailer\fR" 4 The address to which to send submissions for moderated groups. It is only used if the \fImoderators\fR file doesn't exist, or if the moderated group to which an article is posted is not matched by any entry in that file, and takes the same form as an entry in the \fImoderators\fR file. In most cases, -\&\f(CW\*(C`%s@moderators.isc.org\*(C'\fR is a good value for this parameter (\f(CW%s\fR is +\f(CW%s@moderators.isc.org\fR is a good value for this parameter (\f(CW%s\fR is expanded into a form of the newsgroup name). See \fImoderators\fR\|(5) for more details about the syntax. The default is unset. If this parameter isn't set and an article is posted to a moderated group that does not have a matching entry in the \fImoderators\fR file, the posting will be rejected with an error. -.IP "\fInnrpdauthsender\fR" 4 -.IX Item "nnrpdauthsender" +.Ip "\fInnrpdauthsender\fR" 4 Whether to generate a Sender: header based on reader authentication. If this parameter is set, a Sender: header will be added to local posts containing the identity assigned by \fIreaders.conf\fR.; if the assigned -identity does not include an \f(CW\*(C`@\*(C'\fR, the reader's hostname is used. If +identity does not include an \f(CW@\fR, the reader's hostname is used. 
If this parameter is set but no identity can be assigned, the Sender: header will be removed from all posts even if the poster includes one. This is a boolean value and the default is false. -.IP "\fInnrpdposthost\fR" 4 -.IX Item "nnrpdposthost" +.Ip "\fInnrpdauthfrom\fR" 4 +If set, \fInnrpd\fR\|(8) will rewrite the 
From: header line in the message +based on reader authentication as configured in \fIreaders.conf\fR. If +there is no authentication, posting the message will fail. +This is a boolean value and the default is false. +.Ip "\fInnrpdposthost\fR" 4 If set, \fInnrpd\fR\|(8) and \fIrnews\fR\|(1) will pass all locally posted articles to the specified host rather than trying to inject them locally. See also -\&\fInnrpdpostport\fR. This should always be set if \fIxrefslave\fR is true. The +\fInnrpdpostport\fR. This should always be set if \fIxrefslave\fR is true. The default value is unset. -.IP "\fInnrpdpostport\fR" 4 -.IX Item "nnrpdpostport" +.Ip "\fInnrpdpostport\fR" 4 The port on the remote server to connect to to post when \fInnrpdposthost\fR is used. The default value is \f(CW119\fR. -.IP "\fIorganization\fR" 4 -.IX Item "organization" +.Ip "\fIorganization\fR" 4 What to put in the Organization: header if it is left blank by the poster. The value of the \s-1ORGANIZATION\s0 environment variable, if set, overrides this setting. The default is unset, which tells \s-1INN\s0 not to insert an Organization: header. -.IP "\fIspoolfirst\fR" 4 -.IX Item "spoolfirst" +.Ip "\fIspoolfirst\fR" 4 If true, \fInnrpd\fR\|(8) will spool new articles rather than attempting to send them to \fIinnd\fR\|(8). If false, nnrpd will spool articles only if it receives an error trying to send them to innd. Setting this to true can be useful if nnrpd must respond as fast as possible to the client; however, when set, articles will not appear to readers until they are given to innd. -nnrpd won't do this; \f(CW\*(C`rnews \-U\*(C'\fR must be run periodically to take the +nnrpd won't do this; \f(CWrnews -U\fR must be run periodically to take the spooled articles and post them. This is a boolean value and the default is false. -.IP "\fIstrippostcc\fR" 4 -.IX Item "strippostcc" +.Ip "\fIstrippostcc\fR" 4 Whether to strip To:, Cc:, and Bcc: headers out of all local posts via -\&\fInnrpd\fR\|(8). 
The primary purpose of this setting is to prevent abuse of the +\fInnrpd\fR\|(8). The primary purpose of this setting is to prevent abuse of the news server by posting to a moderated group and including To: or Cc: headers in the post so that the news server will send the article to arbitrary addresses. \s-1INN\s0 now protects against this abuse in other ways @@ -806,11 +769,11 @@ this is generally no longer needed. This is a boolean value and the default is false. .PP -\&\fInnrpd\fR\|(8) has support for controlling high-volume posters via an +\fInnrpd\fR\|(8) has support for controlling high-volume posters via an exponential backoff algorithm, as configured by the following parameters. .PP Exponential posting backoff works as follows: News clients are indexed by -\&\s-1IP\s0 address (or username, see \fIbackoffauth\fR below). Each time a post is +\s-1IP\s0 address (or username, see \fIbackoffauth\fR below). Each time a post is received from an \s-1IP\s0 address, the time of posting is stored (along with the previous sleep time, see below). After a configurable number of posts in a configurable period of time, \fInnrpd\fR\|(8) will activate posting backoff and @@ -823,7 +786,7 @@ posting. If this difference is less than \fIbackoffpostfast\fR, the new sleep time will be 1 + (previous sleep time * \fIbackoffk\fR). If this difference is less than \fIbackoffpostslow\fR but greater than -\&\fIbackoffpostfast\fR, then the new sleep time will equal the previous sleep +\fIbackoffpostfast\fR, then the new sleep time will equal the previous sleep time. If this difference is greater than \fIbackoffpostslow\fR, the new sleep time is zero and posting backoff is deactivated for this poster. .PP 
@@ -832,251 +795,206 @@ than their default values. .PP Here are the parameters that control exponential posting backoff: -.IP "\fIbackoffauth\fR" 4 -.IX Item "backoffauth" +.Ip "\fIbackoffauth\fR" 4 Whether to index posting backoffs by user rather than by source \s-1IP\s0 address. You must be using authentication in \fInnrpd\fR\|(8) for a value of true to have any meaning. This is a boolean value and the default is false. -.IP "\fIbackoffdb\fR" 4 -.IX Item "backoffdb" +.Ip "\fIbackoffdb\fR" 4 The path to a directory, writeable by the news user, that will contain the backoff database. There is no default for this parameter; you must provide a path to a creatable or writeable directory to enable exponential backoff. -.IP "\fIbackoffk\fR" 4 -.IX Item "backoffk" +.Ip "\fIbackoffk\fR" 4 The amount to multiply the previous sleep time by if the user is still posting too quickly. A value of \f(CW2\fR will double the sleep time for each excessive post. The default value is \f(CW1\fR. -.IP "\fIbackoffpostfast\fR" 4 -.IX Item "backoffpostfast" +.Ip "\fIbackoffpostfast\fR" 4 Postings from the same identity that arrive in less than this amount of time (in seconds) will trigger increasing sleep time in the backoff algorithm. The default value is \f(CW0\fR. -.IP "\fIbackoffpostslow\fR" 4 -.IX Item "backoffpostslow" +.Ip "\fIbackoffpostslow\fR" 4 Postings from the same identity that arrive in greater than this amount of time (in seconds) will reset the backoff algorithm. Another way to look at this constant is to realize that posters will be allowed to generate at most 86400/\fIbackoffpostslow\fR posts per day. The default value is \f(CW1\fR. -.IP "\fIbackofftrigger\fR" 4 -.IX Item "backofftrigger" +.Ip "\fIbackofftrigger\fR" 4 This many postings are allowed before the backoff algorithm is triggered. The default value is \f(CW10000\fR. 
.Sh "Monitoring" -.IX Subsection "Monitoring" These parameters control the behavior of \fIinnwatch\fR\|(8), the program that monitors \s-1INN\s0 and informs the news administrator if anything goes wrong with it. -.IP "\fIdoinnwatch\fR" 4 -.IX Item "doinnwatch" +.Ip "\fIdoinnwatch\fR" 4 Whether to start \fIinnwatch\fR\|(8) from rc.news. This is a boolean value, and the default is true. -.IP "\fIinnwatchbatchspace\fR" 4 -.IX Item "innwatchbatchspace" +.Ip "\fIinnwatchbatchspace\fR" 4 Free space in \fIpathoutgoing\fR, in \fIinndf\fR\|(8) output units (normally kilobytes), at which \fIinnd\fR\|(8) will be throttled by \fIinnwatch\fR\|(8), assuming a default \fIinnwatch.ctl\fR. The default value is \f(CW800\fR. -.IP "\fIinnwatchlibspace\fR" 4 -.IX Item "innwatchlibspace" +.Ip "\fIinnwatchlibspace\fR" 4 Free space in \fIpathdb\fR, in \fIinndf\fR\|(8) output units (normally kilobytes), at which \fIinnd\fR\|(8) will be throttled by \fIinnwatch\fR\|(8), assuming a default -\&\fIinnwatch.ctl\fR. The default value is \f(CW25000\fR. -.IP "\fIinnwatchloload\fR" 4 -.IX Item "innwatchloload" +\fIinnwatch.ctl\fR. The default value is \f(CW25000\fR. +.Ip "\fIinnwatchloload\fR" 4 Load average times 100 at which \fIinnd\fR\|(8) will be restarted by \fIinnwatch\fR\|(8) (undoing a previous pause or throttle), assuming a default -\&\fIinnwatch.ctl\fR. The default value is \f(CW1000\fR (that is, a load average of +\fIinnwatch.ctl\fR. The default value is \f(CW1000\fR (that is, a load average of 10.00). -.IP "\fIinnwatchhiload\fR" 4 -.IX Item "innwatchhiload" +.Ip "\fIinnwatchhiload\fR" 4 Load average times 100 at which \fIinnd\fR\|(8) will be throttled by \fIinnwatch\fR\|(8), assuming a default \fIinnwatch.ctl\fR. The default value is \f(CW2000\fR (that is, a load average of 20.00). 
-.IP "\fIinnwatchpauseload\fR" 4 -.IX Item "innwatchpauseload" +.Ip "\fIinnwatchpauseload\fR" 4 Load average times 100 at which \fIinnd\fR\|(8) will be paused by \fIinnwatch\fR\|(8), assuming a default \fIinnwatch.ctl\fR. The default value is \f(CW1500\fR (that is, a load average of 15.00). -.IP "\fIinnwatchsleeptime\fR" 4 -.IX Item "innwatchsleeptime" +.Ip "\fIinnwatchsleeptime\fR" 4 How long (in seconds) \fIinnwatch\fR\|(8) will sleep between each check of \s-1INN\s0. The default value is \f(CW600\fR. -.IP "\fIinnwatchspoolnodes\fR" 4 -.IX Item "innwatchspoolnodes" +.Ip "\fIinnwatchspoolnodes\fR" 4 Free inodes in \fIpatharticles\fR at which \fIinnd\fR\|(8) will be throttled by -\&\fIinnwatch\fR\|(8), assuming a default \fIinnwatch.ctl\fR. The default value is -\&\f(CW200\fR. -.IP "\fIinnwatchspoolspace\fR" 4 -.IX Item "innwatchspoolspace" +\fIinnwatch\fR\|(8), assuming a default \fIinnwatch.ctl\fR. The default value is +\f(CW200\fR. +.Ip "\fIinnwatchspoolspace\fR" 4 Free space in \fIpatharticles\fR and \fIpathoverview\fR, in \fIinndf\fR\|(8) output units (normally kilobytes), at which \fIinnd\fR\|(8) will be throttled by -\&\fIinnwatch\fR\|(8), assuming a default \fIinnwatch.ctl\fR. The default value is -\&\f(CW8000\fR. +\fIinnwatch\fR\|(8), assuming a default \fIinnwatch.ctl\fR. The default value is +\f(CW8000\fR. .Sh "Logging" -.IX Subsection "Logging" These parameters control what information \s-1INN\s0 logs. -.IP "\fIdocnfsstat\fR" 4 -.IX Item "docnfsstat" +.Ip "\fIdocnfsstat\fR" 4 Whether to start \fIcnfsstat\fR\|(8) when \fIinnd\fR\|(8) is started. cnfsstat will log the status of all \s-1CNFS\s0 cycbuffs to syslog on a periodic basis (frequency -is the default for \f(CW\*(C`cnfsstat \-l\*(C'\fR, currently 600 seconds). This is a +is the default for \f(CWcnfsstat -l\fR, currently 600 seconds). This is a boolean value and the default is false. 
-.IP "\fIlogartsize\fR" 4 -.IX Item "logartsize" +.Ip "\fIlogartsize\fR" 4 Whether the size of accepted articles (in bytes) should be written to the article log file. This is useful for flow rate statistics and is recommended. This is a boolean value and the default is true. -.IP "\fIlogcancelcomm\fR" 4 -.IX Item "logcancelcomm" -Set this to true to log \f(CW\*(C`ctlinnd cancel\*(C'\fR commands to syslog. This is a +.Ip "\fIlogcancelcomm\fR" 4 +Set this to true to log \f(CWctlinnd cancel\fR commands to syslog. This is a boolean value and the default is false. -.IP "\fIlogcycles\fR" 4 -.IX Item "logcycles" +.Ip "\fIlogcycles\fR" 4 How many old logs \fIscanlogs\fR\|(8) keeps. \fIscanlogs\fR\|(8) is generally run by -\&\fInews.daily\fR\|(8) and will archive compressed copies of this many days worth +news.\fIdaily\fR\|(8) and will archive compressed copies of this many days worth of old logs. The default value is \f(CW3\fR. -.IP "\fIlogipaddr\fR" 4 -.IX Item "logipaddr" +.Ip "\fIlogipaddr\fR" 4 Whether the verified name of the remote feeding host should be logged to the article log for incoming articles rather than the last entry in the Path: header. The only reason to ever set this to false is due to some interactions with \fInewsfeeds\fR flags; see \fInewsfeeds\fR\|(5) for more information. This is a boolean value and the default is true. -.IP "\fIlogsitename\fR" 4 -.IX Item "logsitename" +.Ip "\fIlogsitename\fR" 4 Whether the names of the sites to which accepted articles will be sent should be put into the article log file. This is useful for debugging and statistics and can be used by \fInewsrequeue\fR\|(8). This is a boolean value and the default is true. -.IP "\fInnrpdoverstats\fR" 4 -.IX Item "nnrpdoverstats" +.Ip "\fInnrpdoverstats\fR" 4 Whether nnrpd overview statistics should be logged via syslog. This can be useful for measuring overview performance. This is a boolean value and the default is false. 
-.IP "\fInntpactsync\fR" 4 -.IX Item "nntpactsync" +.Ip "\fInntpactsync\fR" 4 How many articles to process on an incoming channel before logging the activity. The default value is \f(CW200\fR. .Sp -\&\s-1FIXME:\s0 This is a rather unintuitive name for this parameter. -.IP "\fInntplinklog\fR" 4 -.IX Item "nntplinklog" +\s-1FIXME\s0: This is a rather unintuitive name for this parameter. +.Ip "\fInntplinklog\fR" 4 Whether to put the storage \s-1API\s0 token for accepted articles (used by nntplink) in the article log. This is a boolean value and the default is false. -.IP "\fIstathist\fR" 4 -.IX Item "stathist" +.Ip "\fIstathist\fR" 4 Where to write history statistics for analysis with -\&\fIcontrib/stathist.pl\fR; this can be modified with \fIctlinnd\fR\|(8) while innd is +\fIcontrib/stathist.pl\fR; this can be modified with \fIctlinnd\fR\|(8) while innd is running. Logging does not occur unless a path is given, and there is no default value. -.IP "\fIstatus\fR" 4 -.IX Item "status" +.Ip "\fIstatus\fR" 4 How frequently (in seconds) \fIinnd\fR\|(8) should write out a status report. The report is written to \fIpathhttp\fR/inn_status.html. If this is set to \f(CW0\fR or -\&\f(CW\*(C`false\*(C'\fR, status reporting is disabled. The default value is \f(CW0\fR. -.IP "\fItimer\fR" 4 -.IX Item "timer" +\f(CWfalse\fR, status reporting is disabled. The default value is \f(CW0\fR. +.Ip "\fItimer\fR" 4 How frequently (in seconds) \fIinnd\fR\|(8) should report performance timings to -syslog. If this is set to \f(CW0\fR or \f(CW\*(C`false\*(C'\fR, performance timing is +syslog. If this is set to \f(CW0\fR or \f(CWfalse\fR, performance timing is disabled. Enabling this is highly recommended, and \fIinnreport\fR\|(8) can produce a nice summary of the timings. The default value is \f(CW0\fR. .Sh "System Tuning" -.IX Subsection "System Tuning" The following parameters can be modified to tune the low-level operation of \s-1INN\s0. 
In general, you shouldn't need to modify any of them except possibly \fIrlimitnofile\fR unless the server is having difficulty. -.IP "\fIbadiocount\fR" 4 -.IX Item "badiocount" +.Ip "\fIbadiocount\fR" 4 How many read or write failures until a channel is put to sleep or closed. The default value is \f(CW5\fR. -.IP "\fIblockbackoff\fR" 4 -.IX Item "blockbackoff" +.Ip "\fIblockbackoff\fR" 4 Each time an attempted write returns \s-1EAGAIN\s0 or \s-1EWOULDBLOCK\s0, \fIinnd\fR\|(8) will wait for an increasing number of seconds before trying it again. This is the multiplier for the sleep time. If you're having trouble with channel feeds not keeping up, it may be good to change this value to \f(CW2\fR or \f(CW3\fR, since then when the channel fills \s-1INN\s0 will try again in a couple of seconds rather than waiting two minutes. The default value is \f(CW120\fR. -.IP "\fIchaninacttime\fR" 4 -.IX Item "chaninacttime" +.Ip "\fIchaninacttime\fR" 4 The time (in seconds) to wait between noticing inactive channels. The default value is \f(CW600\fR. -.IP "\fIchanretrytime\fR" 4 -.IX Item "chanretrytime" +.Ip "\fIchanretrytime\fR" 4 How many seconds to wait before a channel restarts. The default value is -\&\f(CW300\fR. -.IP "\fIdatamovethreshold\fR" 4 -.IX Item "datamovethreshold" +\f(CW300\fR. +.Ip "\fIdatamovethreshold\fR" 4 The threshold for deciding whether to move already-read data to the top of buffer or extend the buffer. The buffer described here is used for reading -\&\s-1NNTP\s0 data. Increasing this value may improve performance, but it should +\s-1NNTP\s0 data. Increasing this value may improve performance, but it should not be increased on Systems with insufficient memory. Permitted values are between \f(CW0\fR and \f(CW1048576\fR (out of range values are treated as -\&\f(CW1048576\fR) and the default value is \f(CW8192\fR. -.IP "\fIicdsynccount\fR" 4 -.IX Item "icdsynccount" +\f(CW1048576\fR) and the default value is \f(CW8192\fR. 
+.Ip "\fIicdsynccount\fR" 4 How many article writes between updating the active and history files. The default value is \f(CW10\fR. -.IP "\fIkeepmmappedthreshold\fR" 4 -.IX Item "keepmmappedthreshold" +.Ip "\fIkeepmmappedthreshold\fR" 4 When using buffindexed, retrieving overview data (that is, responding to -\&\s-1XOVER\s0 or running expireover) causes mmapping of all overview data blocks +\s-1XOVER\s0 or running expireover) causes mmapping of all overview data blocks which include requested overview data for newsgroup. But for high volume newsgroups like control.cancel, this may cause too much mmapping at once leading to system resource problems. To avoid this, if the amount to be mmapped exceeds \fIkeepmmappedthreshold\fR (in \s-1KB\s0), buffindexed mmap's just one overview block (8 \s-1KB\s0). This parameter is specific to buffindexed overview storage method. The default value is \f(CW1024\fR (1 \s-1MB\s0). -.IP "\fImaxcmdreadsize\fR" 4 -.IX Item "maxcmdreadsize" +.Ip "\fImaxcmdreadsize\fR" 4 If set to anything other than \f(CW0\fR, maximum buffer size (in bytes) for reading \s-1NNTP\s0 command will have this value. It should not be large on systems which are slow to process and store articles, as that would lead to \fIinnd\fR\|(8) spending a long time on each channel and keeping other channels waiting. The default value is \s-1BUFSIZ\s0 defined in stdio.h (\f(CW1024\fR in most environments, see \fIsetbuf\fR\|(3)). -.IP "\fImaxforks\fR" 4 -.IX Item "maxforks" +.Ip "\fImaxforks\fR" 4 How many times to attempt a \fIfork\fR\|(2) before giving up. The default value is \f(CW10\fR. -.IP "\fInicekids\fR" 4 -.IX Item "nicekids" +.Ip "\fInicekids\fR" 4 If set to anything other than \f(CW0\fR, all child processes of \fIinnd\fR\|(8) will have this \fInice\fR\|(2) value. This is usually used to give all child processes of \fIinnd\fR\|(8) a lower priority (higher nice value) so that \fIinnd\fR\|(8) can get the lion's share of the \s-1CPU\s0 when it needs it. 
The default value is \f(CW4\fR. -.IP "\fInicenewnews\fR" 4 -.IX Item "nicenewnews" +.Ip "\fInicenewnews\fR" 4 If set to anything greater than \f(CW0\fR, all \fInnrpd\fR\|(8) processes that receive and process a \s-1NEWNEWS\s0 command will \fInice\fR\|(2) themselves to this value (giving other nnrpd processes a higher priority). The default value is -\&\f(CW0\fR. Note that this value will be ignored if set to a lower value than -\&\fInicennrpd\fR (or \fInicekids\fR if \fInnrpd\fR\|(8) is spawned from \fIinnd\fR\|(8)). -.IP "\fInicennrpd\fR" 4 -.IX Item "nicennrpd" +\f(CW0\fR. Note that this value will be ignored if set to a lower value than +\fInicennrpd\fR (or \fInicekids\fR if \fInnrpd\fR\|(8) is spawned from \fIinnd\fR\|(8)). +.Ip "\fInicennrpd\fR" 4 If set to anything greater than \f(CW0\fR, all \fInnrpd\fR\|(8) processes will \fInice\fR\|(1) themselves to this value. This gives other news processes a higher priority and can help \fIoverchan\fR\|(8) keep up with incoming news (if that's the object, be sure \fIoverchan\fR\|(8) isn't also set to a lower priority via -\&\fInicekids\fR). The default value is \f(CW0\fR, which will cause \fInnrpd\fR\|(8) +\fInicekids\fR). The default value is \f(CW0\fR, which will cause \fInnrpd\fR\|(8) processes spawned from \fIinnd\fR\|(8) to use the value of \fInicekids\fR, while -\&\fInnrpd\fR\|(8) run as a daemon will use the system default priority. Note that +\fInnrpd\fR\|(8) run as a daemon will use the system default priority. Note that for \fInnrpd\fR\|(8) processes spawned from \fIinnd\fR\|(8), this value will be ignored if set to a value lower than \fInicekids\fR. -.IP "\fIpauseretrytime\fR" 4 -.IX Item "pauseretrytime" +.Ip "\fIpauseretrytime\fR" 4 Wait for this many seconds before noticing inactive channels. Wait for this many seconds before innd processes articles when it's paused or the number of channel write failures exceeds \fIbadiocount\fR. The default value is \f(CW300\fR. 
-.IP "\fIpeertimeout\fR" 4 -.IX Item "peertimeout" +.Ip "\fIpeertimeout\fR" 4 How long (in seconds) an \fIinnd\fR\|(8) incoming channel may be inactive before innd closes it. The default value is \f(CW3600\fR (an hour). -.IP "\fIrlimitnofile\fR" 4 -.IX Item "rlimitnofile" +.Ip "\fIrlimitnofile\fR" 4 The maximum number of file descriptors that \fIinnd\fR\|(8) or \fIinnfeed\fR\|(8) can have open at once. If \fIinnd\fR\|(8) or \fIinnfeed\fR\|(8) attempts to open more file descriptors than this value, it is possible the program may throttle or 
@@ -1087,90 +1005,72 @@ operating system will be used; this will normally be adequate on systems other than Solaris. Nearly all operating systems have some hard maximum limit beyond which this value cannot be raised, usually either 128, 256, -or 1024. The default value of this parameter is \f(CW\*(C`\-1\*(C'\fR. Setting it to -\&\f(CW256\fR on Solaris systems is highly recommended. +or 1024. The default value of this parameter is \f(CW-1\fR. Setting it to +\f(CW256\fR on Solaris systems is highly recommended. .Sh "Paths and File Names" -.IX Subsection "Paths and File Names" -.IP "\fIpatharchive\fR" 4 -.IX Item "patharchive" +.Ip "\fIpatharchive\fR" 4 Where to store archived news. The default value is \fIpathspool\fR/archive. -.IP "\fIpatharticles\fR" 4 -.IX Item "patharticles" +.Ip "\fIpatharticles\fR" 4 The path to where the news articles are stored (for storage methods other than \s-1CNFS\s0). The default value is \fIpathspool\fR/articles. -.IP "\fIpathbin\fR" 4 -.IX Item "pathbin" +.Ip "\fIpathbin\fR" 4 The path to the news binaries. The default value is \fIpathnews\fR/bin. -.IP "\fIpathcontrol\fR" 4 -.IX Item "pathcontrol" +.Ip "\fIpathcontrol\fR" 4 The path to the files that handle control messages. The code for handling each separate type of control message is located here. Be very careful -what you put in this directory with a name ending in \f(CW\*(C`.pl\*(C'\fR, as it can +what you put in this directory with a name ending in \f(CW.pl\fR, as it can potentially be a severe security risk. The default value is -\&\fIpathbin\fR/control. -.IP "\fIpathdb\fR" 4 -.IX Item "pathdb" +\fIpathbin\fR/control. +.Ip "\fIpathdb\fR" 4 The path to the database files used and updated by the server (currently, -\&\fIactive\fR, \fIactive.times\fR, \fIhistory\fR and its indices, and -\&\fInewsgroups\fR). The default value is \fIpathnews\fR/db. -.IP "\fIpathetc\fR" 4 -.IX Item "pathetc" +\fIactive\fR, \fIactive.times\fR, \fIhistory\fR and its indices, and +\fInewsgroups\fR). 
The default value is \fIpathnews\fR/db. +.Ip "\fIpathetc\fR" 4 The path to the news configuration files. The default value is -\&\fIpathnews\fR/etc. -.IP "\fIpathfilter\fR" 4 -.IX Item "pathfilter" +\fIpathnews\fR/etc. +.Ip "\fIpathfilter\fR" 4 The path to the Perl, Tcl, and Python filters. The default value is -\&\fIpathbin\fR/filter. -.IP "\fIpathhttp\fR" 4 -.IX Item "pathhttp" +\fIpathbin\fR/filter. +.Ip "\fIpathhttp\fR" 4 Where any \s-1HTML\s0 files (such as periodic status reports) are placed. If the news reports should be available in real-time on the web, the files in this directory should be served by a web server. The default value is the value of \fIpathlog\fR. -.IP "\fIpathincoming\fR" 4 -.IX Item "pathincoming" +.Ip "\fIpathincoming\fR" 4 Location where incoming batched news is stored. The default value is -\&\fIpathspool\fR/incoming. -.IP "\fIpathlog\fR" 4 -.IX Item "pathlog" +\fIpathspool\fR/incoming. +.Ip "\fIpathlog\fR" 4 Where the news log files are written. The default value is -\&\fIpathnews\fR/log. -.IP "\fIpathnews\fR" 4 -.IX Item "pathnews" +\fIpathnews\fR/log. +.Ip "\fIpathnews\fR" 4 The home directory of the news user and usually the root of the news hierarchy. There is no default; this parameter must be set in \fIinn.conf\fR or \s-1INN\s0 will refuse to start. -.IP "\fIpathoutgoing\fR" 4 -.IX Item "pathoutgoing" +.Ip "\fIpathoutgoing\fR" 4 Default location for outgoing feed files. The default value is -\&\fIpathspool\fR/outgoing. -.IP "\fIpathoverview\fR" 4 -.IX Item "pathoverview" +\fIpathspool\fR/outgoing. +.Ip "\fIpathoverview\fR" 4 The path to news overview files. The default value is -\&\fIpathspool\fR/overview. -.IP "\fIpathrun\fR" 4 -.IX Item "pathrun" +\fIpathspool\fR/overview. +.Ip "\fIpathrun\fR" 4 The path to files required while the server is running and run-time state information. This includes lock files and the sockets for communicating with \fIinnd\fR\|(8). 
This directory and the control sockets in it should be protected from unprivileged users other than the news user. The default value is \fIpathnews\fR/run. -.IP "\fIpathspool\fR" 4 -.IX Item "pathspool" +.Ip "\fIpathspool\fR" 4 The root of the news spool hierarchy. This used mostly to set the defaults for other parameters, and to determine the path to the backlog directory for \fIinnfeed\fR\|(8). The default value is \fIpathnews\fR/spool. -.IP "\fIpathtmp\fR" 4 -.IX Item "pathtmp" +.Ip "\fIpathtmp\fR" 4 Where \s-1INN\s0 puts temporary files. For security reasons, this is not the same as the system temporary files directory (\s-1INN\s0 creates a lot of temporary files with predictable names and does not go to particularly great lengths to protect against symlink attacks and the like; this is safe provided that normal users can't write into its temporary directory). The default value is set at configure time and defaults to -\&\fIpathnews\fR/tmp. +\fIpathnews\fR/tmp. .SH "EXAMPLE" -.IX Header "EXAMPLE" Here is a very minimalist example that only sets those parameters that are required. .PP 
@@ -1181,19 +1081,321 @@ \& pathnews: /usr/local/news \& hismethod: hisv6 .Ve -.PP For a more comprehensive example, see the sample \fIinn.conf\fR distributed -with \s-1INN\s0 and installed as a starting point; it contains all of the default +with INN and installed as a starting point; it contains all of the default values for reference. .SH "HISTORY" -.IX Header "HISTORY" Written by Rich \f(CW$alz\fR for InterNetNews and since modified, updated, and reorganized by innumerable other people. .PP -$Id: inn.conf.5,v 1.119.2.2 2003/09/08 04:36:29 rra Exp $ +$Id: inn.conf.5,v 1.1 2003/12/11 20:19:22 mc Exp mc $ .SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIinews\fR\|(1), \fIinnd\fR\|(8), \fIinnwatch\fR\|(8), \fInnrpd\fR\|(8), \fIrnews\fR\|(1). +\fIinews\fR\|(1), \fIinnd\fR\|(8), \fIinnwatch\fR\|(8), \fInnrpd\fR\|(8), \fIrnews\fR\|(1). .PP -Nearly every program in \s-1INN\s0 uses this file to one degree or another. The +Nearly every program in INN uses this file to one degree or another. The above are just the major and most frequently mentioned ones. 
+ +.rn }` '' +.IX Title "inn.conf 5" +.IX Name "inn.conf - Configuration data for InterNetNews programs" + +.IX Header "NAME" + +.IX Header "DESCRIPTION" + +.IX Header "PARAMETERS" + +.IX Subsection "General Settings" + +.IX Item "\fIdomain\fR" + +.IX Item "\fIinnflags\fR" + +.IX Item "\fImailcmd\fR" + +.IX Item "\fImta\fR" + +.IX Item "\fIpathhost\fR" + +.IX Item "\fIserver\fR" + +.IX Subsection "Feed Configuration" + +.IX Item "\fIartcutoff\fR" + +.IX Item "\fIbindaddress\fR" + +.IX Item "\fIbindaddress6\fR" + +.IX Item "\fIhiscachesize\fR" + +.IX Item "\fIignorenewsgroups\fR" + +.IX Item "\fIimmediatecancel\fR" + +.IX Item "\fIlinecountfuzz\fR" + +.IX Item "\fImaxartsize\fR" + +.IX Item "\fImaxconnections\fR" + +.IX Item "\fIpathalias\fR" + +.IX Item "\fIpgpverify\fR" + +.IX Item "\fIport\fR" + +.IX Item "\fIrefusecybercancels\fR" + +.IX Item "\fIremembertrash\fR" + +.IX Item "\fIsourceaddress\fR" + +.IX Item "\fIsourceaddress6\fR" + +.IX Item "\fIverifycancels\fR" + +.IX Item "\fIwanttrash\fR" + +.IX Item "\fIwipcheck\fR" + +.IX Item "\fIwipexpire\fR" + +.IX Item "\fIdontrejectfiltered\fR" + +.IX Subsection "Article Storage" + +.IX Item "\fIcnfscheckfudgesize\fR" + +.IX Item "\fIenableoverview\fR" + +.IX Item "\fIgroupbaseexpiry\fR" + +.IX Item "\fImergetogroups\fR" + +.IX Item "\fIovercachesize\fR" + +.IX Item "\fIovgrouppat\fR" + +.IX Item "\fIovmethod\fR" + +.IX Item "\f(CWbuffindexed\fR" + +.IX Item "\f(CWtradindexed\fR" + +.IX Item "\f(CWovdb\fR" + +.IX Item "\fIhismethod\fR" + +.IX Item "\f(CWhisv6\fR" + +.IX Item "\fIstoreonxref\fR" + +.IX Item "\fIuseoverchan\fR" + +.IX Item "\fIwireformat\fR" + +.IX Item "\fIxrefslave\fR" + +.IX Item "\fInfswriter\fR" + +.IX Item "\fInfsreader\fR" + +.IX Item "\fInfsreaderdelay\fR" + +.IX Item "\fImsgidcachesize\fR" + +.IX Item "\fItradindexedmmap\fR" + +.IX Subsection "Reading" + +.IX Item "\fIallownewnews\fR" + +.IX Item "\fIarticlemmap\fR" + +.IX Item "\fIclienttimeout\fR" + +.IX Item "\fIinitialtimeout\fR" + +.IX 
Item "\fInnrpdcheckart\fR" + +.IX Item "\fInnrpperlauth\fR" + +.IX Item "\fInnrppythonauth\fR" + +.IX Item "\fInoreader\fR" + +.IX Item "\fIreaderswhenstopped\fR" + +.IX Item "\fIreadertrack\fR" + +.IX Item "\fInnrpdloadlimit\fR" + +.IX Item "\fIkeywords\fR" + +.IX Item "\fIkeyartlimit\fR" + +.IX Item "\fIkeylimit\fR" + +.IX Item "\fIkeymaxwords\fR" + +.IX Subsection "Posting" + +.IX Item "\fIaddnntppostingdate\fR" + +.IX Item "\fIaddnntppostinghost\fR" + +.IX Item "\fIcheckincludedtext\fR" + +.IX Item "\fIcomplaints\fR" + +.IX Item "\fIfromhost\fR" + +.IX Item "\fIlocalmaxartsize\fR" + +.IX Item "\fImoderatormailer\fR" + +.IX Item "\fInnrpdauthsender\fR" + +.IX Item "\fInnrpdauthfrom\fR" + +.IX Item "\fInnrpdposthost\fR" + +.IX Item "\fInnrpdpostport\fR" + +.IX Item "\fIorganization\fR" + +.IX Item "\fIspoolfirst\fR" + +.IX Item "\fIstrippostcc\fR" + +.IX Item "\fIbackoffauth\fR" + +.IX Item "\fIbackoffdb\fR" + +.IX Item "\fIbackoffk\fR" + +.IX Item "\fIbackoffpostfast\fR" + +.IX Item "\fIbackoffpostslow\fR" + +.IX Item "\fIbackofftrigger\fR" + +.IX Subsection "Monitoring" + +.IX Item "\fIdoinnwatch\fR" + +.IX Item "\fIinnwatchbatchspace\fR" + +.IX Item "\fIinnwatchlibspace\fR" + +.IX Item "\fIinnwatchloload\fR" + +.IX Item "\fIinnwatchhiload\fR" + +.IX Item "\fIinnwatchpauseload\fR" + +.IX Item "\fIinnwatchsleeptime\fR" + +.IX Item "\fIinnwatchspoolnodes\fR" + +.IX Item "\fIinnwatchspoolspace\fR" + +.IX Subsection "Logging" + +.IX Item "\fIdocnfsstat\fR" + +.IX Item "\fIlogartsize\fR" + +.IX Item "\fIlogcancelcomm\fR" + +.IX Item "\fIlogcycles\fR" + +.IX Item "\fIlogipaddr\fR" + +.IX Item "\fIlogsitename\fR" + +.IX Item "\fInnrpdoverstats\fR" + +.IX Item "\fInntpactsync\fR" + +.IX Item "\fInntplinklog\fR" + +.IX Item "\fIstathist\fR" + +.IX Item "\fIstatus\fR" + +.IX Item "\fItimer\fR" + +.IX Subsection "System Tuning" + +.IX Item "\fIbadiocount\fR" + +.IX Item "\fIblockbackoff\fR" + +.IX Item "\fIchaninacttime\fR" + +.IX Item "\fIchanretrytime\fR" + +.IX Item 
"\fIdatamovethreshold\fR" + +.IX Item "\fIicdsynccount\fR" + +.IX Item "\fIkeepmmappedthreshold\fR" + +.IX Item "\fImaxcmdreadsize\fR" + +.IX Item "\fImaxforks\fR" + +.IX Item "\fInicekids\fR" + +.IX Item "\fInicenewnews\fR" + +.IX Item "\fInicennrpd\fR" + +.IX Item "\fIpauseretrytime\fR" + +.IX Item "\fIpeertimeout\fR" + +.IX Item "\fIrlimitnofile\fR" + +.IX Subsection "Paths and File Names" + +.IX Item "\fIpatharchive\fR" + +.IX Item "\fIpatharticles\fR" + +.IX Item "\fIpathbin\fR" + +.IX Item "\fIpathcontrol\fR" + +.IX Item "\fIpathdb\fR" + +.IX Item "\fIpathetc\fR" + +.IX Item "\fIpathfilter\fR" + +.IX Item "\fIpathhttp\fR" + +.IX Item "\fIpathincoming\fR" + +.IX Item "\fIpathlog\fR" + +.IX Item "\fIpathnews\fR" + +.IX Item "\fIpathoutgoing\fR" + +.IX Item "\fIpathoverview\fR" + +.IX Item "\fIpathrun\fR" + +.IX Item "\fIpathspool\fR" + +.IX Item "\fIpathtmp\fR" + +.IX Header "EXAMPLE" + +.IX Header "HISTORY" + +.IX Header "SEE ALSO" + Index: isc/inn/doc/pod/inn.conf.pod diff -u isc/inn/doc/pod/inn.conf.pod:1.1.1.1 isc/inn/doc/pod/inn.conf.pod:1.2 --- isc/inn/doc/pod/inn.conf.pod:1.1.1.1 Fri Apr 9 12:35:11 2004 +++ isc/inn/doc/pod/inn.conf.pod Sat Apr 10 12:29:24 2004 @@ -732,6 +732,20 @@ header will be removed from all posts even if the poster includes one. This is a boolean value and the default is false. +=item I + +If set, nnrpd(8) will rewrite the From: header line in the message +based on reader authentication as configured in F. If +there is no authentication, posting the message will fail. +This is a boolean value and the default is false. + +=item I + +If set, nnrpd(8) will check the access of the identified user of this +session in a Berkeley DB database to see if the user can read or post +an article or even list a certain group. This is a boolean value and +the default is false. + =item I If set, nnrpd(8) and rnews(1) will pass all locally posted articles to the Index: isc/inn/include/userdb.h diff -u /dev/null isc/inn/include/userdb.h:1.1 
--- /dev/null Sat Apr 10 12:34:08 2004 +++ isc/inn/include/userdb.h Sat Apr 10 12:29:24 2004 @@ -0,0 +1,60 @@ +/* Here be constants, datatypes and function declerations for the + * nnrpd user and ACL database. See nnrpd/userdb.c. + * + * mc@hack.org + * + */ + +/* Group flags */ + +#define GRP_SECRET 1 +#define GRP_ACL 1 << 1 + +/* Membership flags */ + +#define MEM_READ 1 +#define MEM_POST 1 << 1 +#define MEM_APPROVE 1 << 2 +#define MEM_EXTERNAL 1 << 3 + +/* GROUPMAX should be the number of elements in struct newsgroup. */ + +#define GROUPMAX 6 +struct newsgroup +{ + char creator[128]; + char moderator[128]; + int expire; + int flags; + char title[182]; + char description[128]; +}; + + +/* USERMAX should be the number of elements in struct newsgroup. */ + +#define USERMAX 10 +struct user +{ + char password[30]; + char fullname[64]; + char address[128]; + time_t online_since; + time_t last_online; + time_t total_time; + long written_arts; + long read_arts; + char description[256]; + char faceurl[256]; +}; + + +/* +** Public functions + */ + +int db_getgroup(char *group, struct newsgroup *newsgroup); +int db_getuser(char *username, struct user *user); +int db_getacl(char *group, char *user, int *acl); +int db_groupflag(char *group, int flag); +int db_aclflag(char *group, char *user, int flag); Index: isc/inn/include/inn/innconf.h diff -u isc/inn/include/inn/innconf.h:1.1.1.1 isc/inn/include/inn/innconf.h:1.2 --- isc/inn/include/inn/innconf.h:1.1.1.1 Fri Apr 9 12:35:11 2004 +++ isc/inn/include/inn/innconf.h Sat Apr 10 12:29:24 2004 @@ -97,6 +97,8 @@ long localmaxartsize; /* Max article size of local postings */ char *moderatormailer; /* Default host to mail moderated articles */ bool nnrpdauthsender; /* Add authenticated Sender: header? */ + bool nnrpdauthfrom; /* Rewrite 
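Review bot: The flag macros in the new userdb.h expand to bare shift expressions (`#define GRP_ACL 1 << 1`, and likewise `MEM_POST`, `MEM_APPROVE` and `MEM_EXTERNAL`), so an expression such as `acl & ~MEM_POST` parses as `acl & ((~1) << 1)` and `MEM_READ + MEM_POST` evaluates to 4. Because these values gate read and post access, each definition should be parenthesized, e.g. `#define GRP_ACL (1 << 1)`. The header also has no include guard and uses `time_t` without including `<time.h>`, and the comment above `USERMAX` says struct newsgroup where struct user is meant. The `db_get*` prototypes fill fixed-size members such as `char password[30]` without taking a length, so the implementation (not in this hunk) has to bound every copy itself; whether that field holds a hash or a cleartext password cannot be told from here and is worth documenting in the header.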
From: header with auth data? */ + bool nnrpdacl; /* Use access control lists? */ char *nnrpdposthost; /* Host postings should be forwarded to */ long nnrpdpostport; /* Port postings should be forwarded to */ char *organization; /* Data for the Organization: header */ Index: isc/inn/lib/innconf.c diff -u isc/inn/lib/innconf.c:1.1.1.1 isc/inn/lib/innconf.c:1.2 --- isc/inn/lib/innconf.c:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/lib/innconf.c Sat Apr 10 12:29:24 2004 @@ -204,6 +204,8 @@ { K(nicenewnews), NUMBER (0) }, { K(nicennrpd), NUMBER (0) }, { K(nnrpdauthsender), BOOL (false) }, + { K(nnrpdauthfrom), BOOL (false) }, + { K(nnrpdacl), BOOL (false) }, { K(nnrpdloadlimit), NUMBER (16) }, { K(nnrpdoverstats), BOOL (false) }, { K(organization), STRING (NULL) }, Index: isc/inn/nnrpd/Makefile diff -u isc/inn/nnrpd/Makefile:1.1.1.1 isc/inn/nnrpd/Makefile:1.2 --- isc/inn/nnrpd/Makefile:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/nnrpd/Makefile Sat Apr 10 12:29:24 2004 @@ -3,13 +3,13 @@ include ../Makefile.global top = .. -CFLAGS = $(GCFLAGS) $(SSLINC) +CFLAGS = $(GCFLAGS) $(SSLINC) -I/usr/local/include/db41 ALL = nnrpd SOURCES = article.c cache.c group.c commands.c line.c list.c misc.c \ newnews.c nnrpd.c perl.c perm.c post.c python.c \ - sasl_config.c tls.c track.c + sasl_config.c tls.c track.c userdb.c INCLUDES = cache.h nnrpd.h post.h sasl_config.h tls.h @@ -36,7 +36,7 @@ ## Compilation rules. NNRPDLIBS = $(LIBHIST) $(LIBSTORAGE) $(LIBINN) $(EXTSTORAGELIBS) \ - $(PYTHONLIB) $(SSLLIB) $(LIBS) $(PERLLIB) + $(PYTHONLIB) $(SSLLIB) $(LIBS) $(PERLLIB) -L/usr/local/lib -ldb41 perl.o: perl.c ; $(CC) $(CFLAGS) $(PERLINC) -c perl.c python.o: python.c ; $(CC) $(CFLAGS) $(PYTHONINC) -c python.c 
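Review bot: Both nnrpd/Makefile hunks hard-code the Berkeley DB location (`-I/usr/local/include/db41` in CFLAGS, `-L/usr/local/lib -ldb41` in NNRPDLIBS) instead of taking it from a variable set by configure, so nnrpd either fails to build or links against whatever `libdb41` happens to be in /usr/local/lib on a host laid out differently. The dependency is unconditional even though the feature is off by default (`nnrpdacl` is `BOOL (false)` in the innconf.c hunk). The third hunk's `userdb` target lists `userdb.o` as its prerequisite but compiles `userdb.c` again on the link line; linking the object it depends on (`-o $@ userdb.o`) would keep the rule consistent with its prerequisite.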
@@ -44,6 +44,8 @@ nnrpd: $(OBJECTS) $(LIBHIST) $(LIBSTORAGE) $(LIBINN) $(LIBLD) $(LDFLAGS) -o $@ $(OBJECTS) $(NNRPDLIBS) +userdb: userdb.o + $(LIBLD) $(LDFLAGS) -o userdb userdb.c -I/usr/local/include/db41 -I../include -L/usr/local/lib -ldb41 ## Installation rules. Installation commands set in Makefile.global. Index: isc/inn/nnrpd/group.c diff -u isc/inn/nnrpd/group.c:1.1.1.1 isc/inn/nnrpd/group.c:1.2 --- isc/inn/nnrpd/group.c:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/nnrpd/group.c Sat Apr 10 12:29:23 2004 @@ -1,4 +1,4 @@ -/* $Id: group.c,v 1.62 2003/02/10 03:28:25 rra Exp $ +/* $Id: group.c,v 1.1 2003/12/11 19:23:36 mc Exp mc $ ** ** Newsgroups and the active file. */ @@ -9,6 +9,7 @@ #include "inn/innconf.h" #include "nnrpd.h" #include "ov.h" +#include "userdb.h" /* ** Change to or list the specified newsgroup. If invalid, stay in the old @@ -30,11 +31,6 @@ hookpresent = PY_use_dynamic; #endif /* DO_PYTHON */ - if (!hookpresent && !PERMcanread) { - Reply("%s\r\n", NOACCESS); - return; - } - /* Parse arguments. */ if (ac == 1) { if (GRPcur == NULL) { @@ -74,6 +70,23 @@ /* If permission is denied, pretend group doesn't exist. */ if (!hookpresent) { + if (PERMaccessconf->nnrpdacl) { + + /* If the group has ACL turned on, check if user has the + * right to read. */ + + if (db_groupflag(group, GRP_ACL)) { + if (!db_aclflag(group, PERMuser, MEM_READ)) { + Reply("%s %s\r\n", NOSUCHGROUP, group); + free(group); + return; + } + } + } + + /* If we don't check access with ACLs, we might check with + * read patterns. */ + if (PERMspecified) { grplist[0] = group; grplist[1] = NULL; 
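Review bot: The GROUP path can now fail open in two places. The `@@ -30,11 +31,6 @@` hunk deletes the early `if (!hookpresent && !PERMcanread)` rejection, so with `nnrpdacl` false a client without read permission is stopped only by the later `PERMspecified`/`PERMmatch` test, if that applies to it. In the added block the ACL is consulted only when `db_groupflag(group, GRP_ACL)` is non-zero, so if that call returns 0 on a database error (its implementation is not in this hunk) the group is treated as unrestricted. I would keep the old guard for the non-ACL case, `if (!hookpresent && !PERMcanread && !PERMaccessconf->nnrpdacl) {`, and have a failed lookup deny rather than allow. The enclosing function starts and ends outside the hunk.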
@@ -246,6 +259,19 @@ if (PERMspecified) { grplist[0] = line; grplist[1] = NULL; + + /* Check if the group is secret. If it is, but the + * user has access, list the group anyway. + */ + + if (db_groupflag(line, GRP_SECRET)) { + syslog(L_TRACE, "Checking %s for reading group %s", + PERMuser, line); + if (!db_aclflag(line, PERMuser, MEM_READ)) { + continue; + } + } + if (!PERMmatch(PERMreadlist, grplist)) continue; } Index: isc/inn/nnrpd/list.c diff -u isc/inn/nnrpd/list.c:1.1.1.1 isc/inn/nnrpd/list.c:1.2 --- isc/inn/nnrpd/list.c:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/nnrpd/list.c Sat Apr 10 12:29:23 2004 @@ -1,4 +1,4 @@ -/* $Id: list.c,v 1.1 2003/03/04 11:21:47 alexk Exp $ +/* $Id: list.c,v 1.1 2003/12/11 19:44:03 mc Exp mc $ ** ** List commands. */ @@ -10,6 +10,7 @@ #include "ov.h" #include "inn/innconf.h" #include "inn/messages.h" +#include "userdb.h" typedef struct _LISTINFO { const char *method; @@ -235,6 +236,7 @@ syslog(L_ERROR, "%s single dot in %s", ClientHost, lp->File); continue; } + /* matching patterns against patterns is not that good but it's better than nothing ... */ if (lp == &INFOdistribpats) { @@ -268,7 +270,18 @@ break; } } - + + /* Check if the group is secret. If it is, but the user has + * access, list the group anyway. + */ + + if (db_groupflag(p, GRP_SECRET)) { + syslog(L_TRACE, "Checking %s for reading group %s", PERMuser, p); + if (!db_aclflag(p, PERMuser, MEM_READ)) { + continue; + } + } + if (PERMspecified) { grplist[0] = p; if (!PERMmatch(PERMreadlist, grplist)) Index: isc/inn/nnrpd/misc.c diff -u isc/inn/nnrpd/misc.c:1.1.1.1 isc/inn/nnrpd/misc.c:1.2 --- isc/inn/nnrpd/misc.c:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/nnrpd/misc.c Sat Apr 10 12:29:23 2004 @@ -15,6 +15,7 @@ #include "nnrpd.h" #include "tls.h" #include "sasl_config.h" +#include "userdb.h" #ifdef HAVE_SSL extern SSL *tls_conn; 
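Review bot: The secret-group filter in this group.c hunk sits inside `if (PERMspecified)`, so a session where `PERMspecified` is false is never filtered and groups flagged `GRP_SECRET` stay in the listing. The matching filter in the list.c hunk `@@ -268,7 +270,18 @@` runs before that test, and the block here should move above `if (PERMspecified)` in the same way. Neither copy is guarded by `PERMaccessconf->nnrpdacl`, unlike the checks in the other group.c hunk and in post.c, so every listed group costs a database open (two for secret groups) even with ACLs switched off. If hiding secret groups is meant to be part of the ACL feature, wrap both copies in `if (PERMaccessconf->nnrpdacl)`. The loop this block belongs to starts and ends outside the hunk.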
@@ -159,6 +160,20 @@ return true; *p = '\0'; } + } + + if (PERMaccessconf->nnrpdacl) { + for (grp = grplist ; *grp != NULL ; grp++) { + if (!db_aclflag(*grp, PERMuser, MEM_READ)) + { + syslog(L_TRACE, "db_aclflag returned a refuse string for user %s at %s who wants to read %s", + PERMuser, ClientHost, p); + return false; + } + } /* for */ + + /* We have read access on all groups in the group list. */ + return true; } #ifdef DO_PYTHON Index: isc/inn/nnrpd/nnrpd.h diff -u isc/inn/nnrpd/nnrpd.h:1.1.1.1 isc/inn/nnrpd/nnrpd.h:1.2 --- isc/inn/nnrpd/nnrpd.h:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/nnrpd/nnrpd.h Sat Apr 10 12:29:23 2004 @@ -1,4 +1,4 @@ -/* $Id: nnrpd.h,v 1.76 2003/02/10 03:28:25 rra Exp $ +/* $Id: nnrpd.h,v 1.1 2003/12/11 20:16:17 mc Exp mc $ ** ** Net News Reading Protocol server. */ @@ -87,6 +87,8 @@ long backoff_trigger; int nnrpdcheckart; int nnrpdauthsender; + int nnrpdauthfrom; + int nnrpdacl; int virtualhost; char *newsmaster; long maxbytespersecond; Index: isc/inn/nnrpd/perm.c diff -u isc/inn/nnrpd/perm.c:1.1.1.1 isc/inn/nnrpd/perm.c:1.2 --- isc/inn/nnrpd/perm.c:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/nnrpd/perm.c Sat Apr 10 12:29:23 2004 @@ -157,11 +157,13 @@ #define PERMperl_access 58 #define PERMpython_access 59 #define PERMpython_dynamic 60 +#define PERMnnrpdauthfrom 61 +#define PERMnnrpdacl 62 #ifdef HAVE_SSL -#define PERMrequire_ssl 61 -#define PERMMAX 62 +#define PERMrequire_ssl 63 +#define PERMMAX 64 #else -#define PERMMAX 61 +#define PERMMAX 63 #endif #define TEST_CONFIG(a, b) \ @@ -247,6 +249,8 @@ { PERMperl_access, "perl_access:" }, { PERMpython_access, "python_access:" }, { PERMpython_dynamic, "python_dynamic:" }, + { PERMnnrpdauthfrom, "nnrpdauthfrom:" }, + { PERMnnrpdacl, "nnrpdacl:" }, #ifdef HAVE_SSL { PERMrequire_ssl, "require_ssl:" }, #endif 
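Review bot: The denial message in the misc.c hunk logs `p` rather than the group that was refused. `p` appears to be a scratch cursor left over from the code above (the context line `*p = '\0'`), so the audit trail can name the wrong thing; pass `*grp` as the last `syslog` argument. With `nnrpdacl` on, the loop also demands an ACL entry for every group without first testing `db_groupflag(*grp, GRP_ACL)` as group.c and post.c do, and its `return true` skips whatever checks follow in the function, so the ACL replaces them rather than adding to them. If that is intended, state it in a comment above the block; otherwise test the flag per group and fall through instead of returning. The function starts and ends outside the hunk.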
@@ -507,6 +511,8 @@ curaccess->backoff_trigger = innconf->backofftrigger; curaccess->nnrpdcheckart = innconf->nnrpdcheckart; curaccess->nnrpdauthsender = innconf->nnrpdauthsender; + curaccess->nnrpdauthfrom = innconf->nnrpdauthfrom; + curaccess->nnrpdacl = innconf->nnrpdacl; curaccess->virtualhost = false; curaccess->newsmaster = NULL; curaccess->maxbytespersecond = 0; @@ -1026,6 +1032,14 @@ if (boolval != -1) curaccess->nnrpdauthsender = boolval; SET_CONFIG(oldtype); break; + case PERMnnrpdauthfrom: + if (boolval != -1) curaccess->nnrpdauthfrom = boolval; + SET_CONFIG(oldtype); + break; + case PERMnnrpdacl: + if (boolval != -1) curaccess->nnrpdacl = boolval; + SET_CONFIG(oldtype); + break; case PERMvirtualhost: if (boolval != -1) curaccess->virtualhost = boolval; SET_CONFIG(oldtype); @@ -1293,6 +1307,8 @@ case PERMbackoff_trigger: case PERMnnrpdcheckart: case PERMnnrpdauthsender: + case PERMnnrpdauthfrom: + case PERMnnrpdacl: case PERMvirtualhost: case PERMnewsmaster: if (!curgroup) { Index: isc/inn/nnrpd/post.c diff -u isc/inn/nnrpd/post.c:1.1.1.1 isc/inn/nnrpd/post.c:1.2 --- isc/inn/nnrpd/post.c:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/nnrpd/post.c Sat Apr 10 12:29:23 2004 @@ -1,4 +1,4 @@ -/* $Revision: 1.94 $ +/* $Revision: 1.1 $ ** ** Check article, send it to the local server. */ @@ -9,6 +9,7 @@ #include "nnrpd.h" #include "ov.h" #include "post.h" +#include "userdb.h" #define FLUSH_ERROR(F) (fflush((F)) == EOF || ferror((F))) #define HEADER_DELTA 20 @@ -360,6 +361,21 @@ } } + if (PERMaccessconf->nnrpdauthfrom) { + /* If the user is authorized, rewrite the 
From: header based + * on our information. If not authorized, fail miserably to + * post. */ + + if (PERMauthorized) { + if (PERMuser[0] != '\0') { + (void)snprintf(sendbuff, sizeof(sendbuff), "%s", PERMuser); + HDR_SET(HDR__FROM, sendbuff); + } + } else { + return "From: rewriting enabled. User needs to be authorized."; + } + } + /* Set Date. datebuff is used later for NNTP-Posting-Date, so we have to set it and it has to be the UTC date. */ if (!makedate(-1, false, datebuff, sizeof(datebuff))) @@ -712,6 +728,16 @@ DDcheck(h, p); switch (flag) { case NF_FLAG_OK: + if (PERMaccessconf->nnrpdacl) { + /* If the group is access controlled...*/ + if (db_groupflag(p, GRP_ACL)) { + if (!db_aclflag(p, PERMuser, MEM_POST)) { + snprintf(Error, sizeof(Error), + "Permission denied: %s not in ACL\r\n", PERMuser); + break; + } + } + } #ifdef DO_PYTHON if (PY_use_dynamic) { char *reply; Index: isc/inn/nnrpd/userdb.c diff -u /dev/null isc/inn/nnrpd/userdb.c:1.1 --- /dev/null Sat Apr 10 12:34:08 2004 +++ isc/inn/nnrpd/userdb.c Sat Apr 10 12:29:23 2004 
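Review bot: When `PERMauthorized` is set but `PERMuser` is empty, the inner `if` in the `@@ -360,6 +361,21 @@` hunk does nothing and the client-supplied From: header is kept, so `nnrpdauthfrom` does not guarantee what its name promises. Treat that case as a refusal too, e.g. `if (!PERMauthorized || PERMuser[0] == '\0') return "From: rewriting enabled. User needs to be authorized.";`, and then set the header unconditionally. `PERMuser` is copied into From: verbatim, and the comment in `db_getacl()` suggests it may hold a display name plus address, so confirm it cannot contain CR or LF before it reaches a header. `HDR_SET` is handed `sendbuff`; whether that buffer is reused later in the function is not visible from this hunk, which covers only part of it.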
@@ -0,0 +1,384 @@ +/* $Id: userdb.c,v 1.1 2004/04/10 10:29:23 mc Exp $ +** +** Database interface for users and access control lists. +** +** mc@hack.org +** +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "config.h" +#include "nnrpd.h" + +/* FIXME: Use pathdb in struct innconf to create these. */ + +#define GROUPSDB "/usr/local/news/db/newsgroups.db" +#define USERSDB "/usr/local/news/db/newsusers.db" +#define ACLDBPREFIX "/usr/local/news/db/acl/" + +/* + * Separate data into an array of strings, stored in token. + */ + +int +tokenize(DBT data, char *token[], int max) +{ + char *s, *t, **tp; + int p, nr = 0; + + /* Split at NUL */ + + s = data.data; + t = s; + + for (p = 0, tp = token; p <= data.size; p ++) + { + if (s[p] == '\0') + { + *tp = t; + tp ++; + if (nr == max) + break; + else + nr ++; + t = &s[p + 1]; + } + } + + return nr; +} + +int +db_getgroup(char *group, struct newsgroup *newsgroup) +{ + DB *db; + DBT key, data; + int rc, nr; + char *fname = GROUPSDB; + char *token[GROUPMAX]; + + /* Create the database... 
*/ + + if ((rc = db_create(&db, NULL, 0)) != 0) + { + syslog(L_ERROR, "db_create: %s\n", db_strerror(rc)); + return 0; + } + + if (0 != (rc = (db->open(db, NULL, fname, NULL, DB_HASH, DB_CREATE, + 0644)))) + { + db->err(db, rc, "%s", fname); + return 0; + } + + memset(&key, 0, sizeof key); + memset(&data, 0, sizeof data); + + key.data = group; + key.size = strlen(group); + + rc = db->get(db, NULL, &key, &data, 0); + + if (0 == rc) + { + nr = tokenize(data, token, GROUPMAX); + + if (GROUPMAX != nr) + { + syslog(L_ERROR, "db_getgroup(): tokenize() returned wrong number" + "of args: %d\n", nr); + return 0; + } + +#if DEBUG + for (p = 0; p < nr; p ++) + { + syslog(L_DEBUG, "%d: %s\n", p, token[p]); + } +#endif + + strlcpy(newsgroup->creator, token[0], sizeof (newsgroup->creator)); + strlcpy(newsgroup->moderator, token[1], sizeof (newsgroup->moderator)); + newsgroup->expire = atoi(token[2]); + newsgroup->flags = atoi(token[3]); + strlcpy(newsgroup->title, token[4], sizeof (newsgroup->title)); + strlcpy(newsgroup->description, token[5], + sizeof (newsgroup->description)); + + db->close(db, 0); + return 1; + } + else if (DB_NOTFOUND == rc) + { +#if DEBUG + syslog(L_DEBUG, "Record with key \"%s\" does not exist in \"%s\".\n", + key.data, fname); +#endif + } + else + { + db->err(db, rc, "%s", fname); + } + + db->close(db, 0); + return 0; +} + +int +db_getuser(char *username, struct user *user) +{ + DB *db; + DBT key, data; + int rc, nr; + char *fname = USERSDB; + char *token[USERMAX]; + + /* Create the database... 
*/ + + if ((rc = db_create(&db, NULL, 0)) != 0) + { + syslog(L_ERROR, "db_create: %s\n", db_strerror(rc)); + return 0; + } + + if (0 != (rc = (db->open(db, NULL, fname, NULL, DB_HASH, DB_CREATE, + 0644)))) + { + db->err(db, rc, "%s", fname); + return 0; + } + + memset(&key, 0, sizeof(key)); + memset(&data, 0, sizeof(data)); + + key.data = username; + key.size = strlen(username); + + rc = db->get(db, NULL, &key, &data, 0); + + if (0 == rc) + { + nr = tokenize(data, token, USERMAX); + + if (USERMAX != nr) + { + syslog(L_ERROR, "db_getuser(): tokenize() returned wrong number " + "of args: %d\n", nr); + return 0; + } + +#if DEBUG + for (p = 0; p < nr; p ++) + { + syslog(L_DEBUG, "%d: %s\n", p, token[p]); + } +#endif + + strlcpy(user->password, token[0], sizeof (user->password)); + strlcpy(user->fullname, token[1], sizeof (user->fullname)); + strlcpy(user->address, token[2], sizeof (user->address)); + user->online_since = atol(token[3]); + user->last_online = atol(token[4]); + user->total_time = atol(token[5]); + user->written_arts = atol(token[6]); + user->read_arts = atol(token[7]); + strlcpy(user->description, token[8], sizeof (user->description)); + strlcpy(user->faceurl, token[9], sizeof (user->faceurl)); + + db->close(db, 0); + return 1; + } + else if (DB_NOTFOUND == rc) + { +#if DEBUG + syslog(L_DEBUG, "Record with key \"%s\" does not exist in \"%s\".\n", + key.data, fname); +#endif + } + else + { + db->err(db, rc, "%s", fname); + } + + db->close(db, 0); + return 0; +} + +int +db_getacl(char *group, char *user, int *acl) +{ + DB *db; + DBT key, data; + int rc; + char fname[PATH_MAX]; + char address[sizeof PERMuser], + *adrp; + + /* PERMuser might contain something like "Foo ". Deal + * with it. 
*/ + + if (strchr(user, '<')) { + strlcpy(address, user, sizeof PERMuser); + adrp = address; + strsep(&adrp, "<"); + adrp[strlen(adrp) - 1] = '\0'; + } + else + { + adrp = user; + } + + strlcpy(fname, ACLDBPREFIX, PATH_MAX); + strlcat(fname, group, PATH_MAX); + + /* Create the database pointer... */ + + if ((rc = db_create(&db, NULL, 0)) != 0) + { + syslog(L_ERROR, "db_create: %s\n", db_strerror(rc)); + goto cleanup; + } + + if (0 != (rc = (db->open(db, NULL, fname, NULL, DB_HASH, DB_CREATE, + 0644)))) + { + db->err(db, rc, "%s", fname); + goto cleanup; + } + + memset(&key, 0, sizeof key); + memset(&data, 0, sizeof data); + + key.data = adrp; + key.size = strlen(adrp); + + rc = db->get(db, NULL, &key, &data, 0); + + if (0 == rc) + { + *acl = atoi(data.data); + + db->close(db, 0); + return 1; + } + else if (DB_NOTFOUND == rc) + { +#if DEBUG + syslog(L_DEBUG, "Record with key \"%s\" does not exist in \"%s\".\n", + key.data, fname); +#endif + } + else + { + db->err(db, rc, "%s", fname); + } + + cleanup: + db->close(db, 0); + return 0; +} + +/* + * Check if flag is set in group, + * returns boolean + */ +int +db_groupflag(char *group, int flag) +{ + struct newsgroup newsgroup; + + if (db_getgroup(group, &newsgroup)) + { + if (newsgroup.flags & flag) + { + return 1; + } + } + + return 0; +} + +/* + * Check if an ACL flag is set. + */ + +int +db_aclflag(char *group, char *user, int flag) +{ + int acl; + + if (db_getacl(group, user, &acl)) + { + if (acl & flag) + { + return 1; + } + } + return 0; +} + +#if 0 +/* Test the userdb.c functions. Remove the directives above and below + * main() if you want to compile this to a stand-alone program. 
*/ + +int +main(void) +{ + int foo; + struct user user; + + foo = db_groupflag("hack.test", GRP_ACL); + + if (foo) + { + puts("hack.test has ACLs"); + } + else + { + puts("No ACLs for hack.test"); + } + + foo = db_aclflag("hack.2", "MC ", MEM_READ); + + if (foo) + { + puts("mc@hack.org can read hack.2"); + } + else + { + puts("No read right."); + } + + /* Test it again, this time with an address without full name. */ + + foo = db_aclflag("hack.2", "mc@hack.org", MEM_READ); + + if (foo) + { + puts("mc@hack.org can read hack.2"); + } + else + { + puts("No read right."); + } + + foo = db_getuser("mc", &user); + if (foo) + { + printf("mc: %s\n", user.fullname); + } + + exit(0); +} +#endif Index: isc/inn/samples/inn.conf.in diff -u isc/inn/samples/inn.conf.in:1.1.1.1 isc/inn/samples/inn.conf.in:1.2 --- isc/inn/samples/inn.conf.in:1.1.1.1 Fri Apr 9 12:35:12 2004 +++ isc/inn/samples/inn.conf.in Sat Apr 10 12:29:23 2004 @@ -106,6 +106,8 @@ localmaxartsize: 1000000 #moderatormailer: nnrpdauthsender: false +nnrpdauthfrom: false +nnrpdacl: false #nnrpdposthost: nnrpdpostport: 119 spoolfirst: false
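Review bot: `tokenize()` in userdb.c can write one pointer past `token[]` and read one byte past the record: the loop runs to `p <= data.size` and the `nr == max` test comes after `*tp = t`, so a record with more than `max` NUL bytes (or a NUL just beyond the buffer) stores into `token[max]` on the caller's stack. Bound the loop with `p < data.size`, store only while `nr < max`, and keep counting so the callers' `GROUPMAX != nr` / `USERMAX != nr` checks still reject oversized records, as in the sketch below; note that those rejection paths return without `db->close()`. `db_getacl()` has related problems: `goto cleanup` after a failed `db_create()` calls `db->close` through an uninitialised pointer, `atoi(data.data)` assumes the stored value is NUL-terminated, and `group` is appended to `ACLDBPREFIX` and opened with `DB_CREATE`, so a lookup for an unvalidated name creates a file wherever the path resolves. Opening the databases with `DB_RDONLY` in these read paths and rejecting group names that contain `/` would close that off.

```c
int
tokenize(DBT data, char *token[], int max)
{
    char *s = data.data;
    char *t = s;
    size_t p;
    int nr = 0;

    /* Stay inside the record: data.size bytes, indices 0 .. size-1. */
    for (p = 0; p < data.size; p++) {
        if (s[p] != '\0')
            continue;
        if (nr < max)
            token[nr] = t;  /* never store past token[max - 1] */
        nr++;               /* keep counting so callers see the excess */
        t = &s[p + 1];
    }

    return nr;
}
```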