AUTHINFO SIMPLE and PASS
julien at trigofacile.com
Tue Aug 26 05:50:00 UTC 2008
>> nnrpd currently supports
>> AUTHINFO SIMPLE user password
--> This is what there is in nnrpd.
>> but the way it is implemented is not documented in RFC 2980.
>> It is normally something bad, NNTP speaking:
>> AUTHINFO SIMPLE
>> user password
--> This is what RFC 2980.
3.1.2 AUTHINFO SIMPLE
When authorization is required, the server sends a 450 response
requesting authorization from the client. The client must enter
AUTHINFO SIMPLE. If the server will accept this form of
authentication, the server responds with a 350 response. The client
must then send the username followed by one or more space characters
followed by the password. If accepted, the server returns a 250
response and the client should then retry the original command to
which the server responded with the 450 response. The command should
then be processed by the server normally. If the combination is not
valid, the server will return a 452 response.
> Are you sure?
And note the weird codes in RFC 2980, especially: 250, 450 and 452!
Anyway, they are not what INN uses for it.
> I'm reluctant to drop it unless we can establish whether or not anyone's
> using it, although it's quite possible that no one is.
Sure but it is totally broken according to all RFCs.
>> Another question:
>> AUTHINFO PASS password
>> currently works with innd.
>> Should we enforce the use of AUTHINFO USER before?
>> I think it should because this direct authentication is not specified.
>> But it might break something with other servers which authenticate
>> this way(?)
> Er, good question... I have no idea how that works, actually.
Anyway, they should not use that direct authentication. It is specified
nowhere with AUTHINFO PASS.
Note that innfeed does the job right: it sends AUTHINFO USER and
« Ce qui est fait n'est plus à faire. »
More information about the inn-workers