Towards 2.3...

[Brian Kantor]

>> Are you sure that SASL isn't supported by the news clients?
>Fairly.  Most of them only use AUTHINFO USER/PASS.

I'm probably going to get flamed for this, but I don't think anyone has
ever implemented and distributed any news software that had anything
more than the simple user and password stuff in it.  Last time I checked, 
even the "reference implementation" didn't do authentication and
authorization the same way as INN does.

It's all very well for people to write specifications for these
additions to NNTP, and there have been a several such specs written,
but I know of few that have actually been implemented.

I would wager that the requirement that there be two working implementations
of any standard will shortstop nearly all the NNTP enhancements that
have been proposed, as very few of them seem to actually exist as
running code.  Certainly my requests for a running server anywhere that
I could test clients against have been met with total silence, even
when addressed to the people proposing the enhancements.

On a more helpful note, perhaps:  there are some really nice skeletons
and subroutines collected in the OpenSSL package.  I'm finding it useful
when adding authentication and encryption to other common packages
that it might well be useful to snarf them for INN instead of writing
it all over again.

BTW, I'd really like to encourage someone to start writing even the
simplest regression test packages that can be included with the
distribution and used to test an installation of INN.  'inncheck'
is great but only scratches the surface.
	- Brian