AUTHINFO SIMPLE and PASS
Russ Allbery
rra at stanford.edu
Tue Aug 26 00:03:45 UTC 2008
Julien ÉLIE <julien at trigofacile.com> writes:
> nnrpd currently supports
>
> AUTHINFO SIMPLE user password
>
> but the way it is implemented is not documented in RFC 2980.
> It is normally something bad, NNTP speaking:
>
> AUTHINFO SIMPLE
> 350
> user password
Are you sure? This is the code, and it doesn't look to me like it does
that:
if (strcasecmp(av[1], "simple") == 0) {
if (ac != 4) {
Reply("%d AUTHINFO SIMPLE <USER> <PASS>\r\n", NNTP_ERR_COMMAND);
return;
}
strlcpy(User, av[2], sizeof(User));
strlcpy(Password, av[3], sizeof(Password));
> Furthermore, RFC 2980 says:
>
> It is recommended that this command not be implemented, but use either
> or both of the other forms of AUTHINFO if such functionality if
> required.
>
> Therefore, I wonder whether support for AUTHINFO SIMPLE should be kept.
> (Yes, I know, I already asked for other commands but this one is
> undocumented the way it works with INN.)
I'm reluctant to drop it unless we can establish whether or not anyone's
using it, although it's quite possible that no one is.
> Another question:
>
> AUTHINFO PASS password
> 281
>
> currently works with innd.
> Should we enforce the use of AUTHINFO USER before?
> I think it should because this direct authentication is not specified.
> But it might break something with other servers which authenticate
> this way(?)
Er, good question... I have no idea how that works, actually.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list