Clients for AUTHINFO access/440 error on post

Russ Allbery rra at stanford.edu
Sun Jan 12 03:22:27 UTC 2003


Jeffrey M Vinocur <jeff at litech.org> writes:

> If authentication is permitted at all, I think it's reasonable to return
> 480.  I would return 440 at most in the case where no authentication is
> permitted whatsoever, and even then it's not really necessary.  (I'm
> thinking about 200 vs 201 for the greeting string as an analogue.)

It's important to *not* return 480 in cases where no authentication is
possible, since that could trigger the sending of a password over a
clear-text connection.

Other than that, I think you're right; if the group is excluded by rule
and some authentication is possible, we should return a 480 response.
(This is probably also true of LIST ACTIVE on a single group, but not LIST
ACTIVE on multiple groups.)

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
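
Added example, not part of the original message and not INN's code: a small Python model of the response rule discussed above, returning 480 only when authentication is possible and filtering a multi-group LIST ACTIVE silently. The Session class, the respond function, the sample groups, and the 411 / empty 215 answers for the no-authentication case are assumptions of this sketch; fnmatch stands in for wildmat.

```python
import fnmatch
from dataclasses import dataclass

@dataclass
class Session:
    """Hypothetical reader session (not INN's own data structures)."""
    allowed: tuple        # group patterns the current access rule permits
    auth_possible: bool   # may this client use AUTHINFO at all?

# Codes used when a group is excluded and authentication cannot help.
# 440 is from the thread; 411 and an empty 215 list are assumptions here.
DENY_NO_AUTH = {"POST": 440, "GROUP": 411, "LIST ACTIVE": 215}
OK = {"POST": 340, "GROUP": 211, "LIST ACTIVE": 215}

def permitted(sess, group):
    return any(fnmatch.fnmatchcase(group, p) for p in sess.allowed)

def respond(sess, command, arg, active):
    """Return (status code, visible groups) for a command naming `arg`.

    For POST, `arg` stands for the target group from the Newsgroups header.
    fnmatch approximates wildmat matching for this sketch.
    """
    if command == "LIST ACTIVE" and any(c in arg for c in "*?["):
        # Multiple groups: filter silently, never prompt for credentials.
        return 215, [g for g in active
                     if fnmatch.fnmatchcase(g, arg) and permitted(sess, g)]
    if arg not in active:
        # Unknown group: this sketch answers as for a denied group.
        return DENY_NO_AUTH[command], []
    if permitted(sess, arg):
        return OK[command], [arg]
    if sess.auth_possible:
        # Excluded by rule, but authenticating could change the answer.
        return 480, []
    # No authentication possible: 480 would invite a client to send a
    # password that can never succeed, possibly over a clear-text link.
    return DENY_NO_AUTH[command], []

# Constructed sample data.
ACTIVE = ["comp.lang.c", "local.staff", "local.test"]
ANON_ONLY = Session(allowed=("comp.*",), auth_possible=False)
CAN_AUTH = Session(allowed=("comp.*",), auth_possible=True)
```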

