The authorization procedure is implemented by means of a new NNTP command named AUTHINFO. Using this command, the client transmits a user name and a password to the NNTP server. nntpd will validate them by checking them against the /etc/passwd database, and verify that the user belongs to the nntp group.
The current implementation of NNTP authorization is only experimental, and has therefore not been implemented very portably. The result of this is that it works only with plain-style password databases; shadow passwords will not be recognized.