AUTHINFO SIMPLE and PASS

Julien ÉLIE julien at trigofacile.com
Tue Aug 26 05:50:00 UTC 2008


Hi Russ,

>> nnrpd currently supports
>>
>>    AUTHINFO SIMPLE user password

--> This is what there is in nnrpd.


>> but the way it is implemented is not documented in RFC 2980.
>> It is normally something bad, NNTP speaking:
>>
>>    AUTHINFO SIMPLE
>>    350
>>    user password

--> This is what RFC 2980.

3.1.2 AUTHINFO SIMPLE

   AUTHINFO SIMPLE
   user password

   When authorization is required, the server sends a 450 response
   requesting authorization from the client.  The client must enter
   AUTHINFO SIMPLE.  If the server will accept this form of
   authentication, the server responds with a 350 response.  The client
   must then send the username followed by one or more space characters
   followed by the password.  If accepted, the server returns a 250
   response and the client should then retry the original command to
   which the server responded with the 450 response.  The command should
   then be processed by the server normally.  If the combination is not
   valid, the server will return a 452 response.


> Are you sure?

Yes.
And note the weird codes in RFC 2980, especially:  250, 450 and 452!
Anyway, they are not what INN uses for it.


> I'm reluctant to drop it unless we can establish whether or not anyone's
> using it, although it's quite possible that no one is.

Sure but it is totally broken according to all RFCs.


>> Another question:
>>
>>    AUTHINFO PASS password
>>    281
>>
>> currently works with innd.
>> Should we enforce the use of AUTHINFO USER before?
>> I think it should because this direct authentication is not specified.
>> But it might break something with other servers which authenticate
>> this way(?)
>
> Er, good question... I have no idea how that works, actually.

Anyway, they should not use that direct authentication.  It is specified
nowhere with AUTHINFO PASS.
Note that innfeed does the job right:  it sends AUTHINFO USER and
AUTHINFO PASS.

-- 
Julien ÉLIE

« Ce qui est fait n'est plus à faire. »



More information about the inn-workers mailing list