Russ Allbery rra at
Tue Aug 26 00:03:45 UTC 2008

Julien ÉLIE <julien at> writes:

> nnrpd currently supports
>    AUTHINFO SIMPLE user password
> but the way it is implemented is not documented in RFC 2980.
> It is normally something bad, NNTP speaking:
>    350
>    user password

Are you sure?  This is the code, and it doesn't look to me like it does

        if (strcasecmp(av[1], "simple") == 0) {
            if (ac != 4) {
                Reply("%d AUTHINFO SIMPLE <USER> <PASS>\r\n", NNTP_ERR_COMMAND);
            strlcpy(User, av[2], sizeof(User));
            strlcpy(Password, av[3], sizeof(Password));

> Furthermore, RFC 2980 says:
>   It is recommended that this command not be implemented, but use either
>   or both of the other forms of AUTHINFO if such functionality if
>   required.
> Therefore, I wonder whether support for AUTHINFO SIMPLE should be kept.
> (Yes, I know, I already asked for other commands but this one is
> undocumented the way it works with INN.)

I'm reluctant to drop it unless we can establish whether or not anyone's
using it, although it's quite possible that no one is.

> Another question:
>    AUTHINFO PASS password
>    281
> currently works with innd.
> Should we enforce the use of AUTHINFO USER before?
> I think it should because this direct authentication is not specified.
> But it might break something with other servers which authenticate
> this way(?)

Er, good question... I have no idea how that works, actually.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.

More information about the inn-workers mailing list