AUTHINFO SIMPLE and PASS

Russ Allbery rra at stanford.edu
Tue Aug 26 07:33:42 UTC 2008


Julien ÉLIE <julien at trigofacile.com> writes:

> --> This is what RFC 2980.
>
> 3.1.2 AUTHINFO SIMPLE
>
>   AUTHINFO SIMPLE
>   user password
>
>   When authorization is required, the server sends a 450 response
>   requesting authorization from the client.  The client must enter
>   AUTHINFO SIMPLE.  If the server will accept this form of
>   authentication, the server responds with a 350 response.  The client
>   must then send the username followed by one or more space characters
>   followed by the password.  If accepted, the server returns a 250
>   response and the client should then retry the original command to
>   which the server responded with the 450 response.  The command should
>   then be processed by the server normally.  If the combination is not
>   valid, the server will return a 452 response.

Oh, hey, look at that.  Looks like we added AUTHINFO SIMPLE support when
readers.conf landed and got it completely wrong.

Well, that answers the question of whether anyone is using it.  INN didn't
support AUTHINFO SIMPLE until 2.3, and never supported it as specified in
RFC 2980.  I vote we just delete it.

Nice catch!

> Anyway, they should not use that direct authentication.  It is specified
> nowhere with AUTHINFO PASS.  Note that innfeed does the job right:  it
> sends AUTHINFO USER and AUTHINFO PASS.

If you send just AUTHINFO PASS to INN right now, what does it do?  And
does it normally just ignore the user?

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list