When capitalizing the access tokens like xfer or read in the nntp_acces file, nntpd requires the authorization from the client for the respective operations. For instance, when specifying a permission of Xfer or XFER, nntpd will not let the client transfer articles to your site unless it passes authorization.
The authorization procedure is implemented by means of a new NNTP command named AUTHINFO. Using this command, the client transmits a user name and a password to the NNTP server. nntpd will validate them by checking them against the /etc/passwd database, and verify that the user belongs to the nntp group.
The current implementation of NNTP authorization is only experimental, and has therefore not been implemented very portably. The result of this is that it works only with plain-style password databases; shadow passwords will not be recognized.