nnrpd with RADIUS auth in INN-2.3.3

Russ Allbery rra at stanford.edu
Mon Mar 7 23:55:04 UTC 2005

Ben Rosengart <br+inn at panix.com> writes:

>   We at Panix believe we have found a bug in nnrpd from INN 2.3.3.
> When a user's password has a space in it (ASCII 0x20), nnrpd omits
> the portion after the space when building an auth request to pass
> to the external authenticator (in our case, radius).

The NNTP AUTHINFO USER/PASS protocol doesn't support passwords with spaces
in them.  This is made explicitly clear in the current working group
drafts and was unfortunately poorly documented prior to that.

We've considered whether or not to add support for passwords with spaces,
but it requires significant structural changes to the command parser in
INN, so to date we've not committed any changes for this.

The best thing is to use a SASL authentication mechanism, but of course
the clients can't support it yet.  The next best thing to do is to ask the
client to change their password so that it doesn't include a space.

Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.

More information about the inn-workers mailing list