James F. Hranicky jfh at
Thu Apr 19 15:53:37 UTC 2001

Attached is a Q&D patch that requires users who wish to authenticate
using AUTHINFO to use an SSLified connection to do so. 

A possible futher enhancement would be an option in inn.conf/readers.conf
to turn it off by default, and options in readers.conf to turn it on/off 
on a per sitebasis.

Tested with the following:


	- inn-2.3.1 on FreeBSD 4.2


	- netscape 4

	    o authinfo over SSL worked properly
	    o authinfo without SSL popped up the appropriate
	      error message

	- telnet

	    o authinfo through an SSL stunnel worked properly
	    o authinfo failed properly over plain telnet with both
		- authinfo user foo
		- authinfo simple user pass

	- other

	    o trn without ssl or authinfo works normally

| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh at             |
         -  Encryption: its use by criminals is far less  - 
         - frightening than its banishment by governments -
                      - Vote for Privacy -

-- Binary/unsupported file stripped by Listar --
-- Type: application/x-patch 
-- File: inn-2.3.1-authinfo-ssl.patch
-- Desc: inn-2.3.1-authinfo-ssl.patch

More information about the inn-workers mailing list