AUTHINFO SIMPLE and PASS

Russ Allbery rra at stanford.edu
Tue Aug 26 18:47:28 UTC 2008


Julien ÉLIE <julien at trigofacile.com> writes:

> All right.
> I have just deleted the code but not committed yet.
> In fact, I wonder what is the use of PERMpass.

It's used by the AUTHINFO GENERIC support, which spawns an external
program that kicks back an old nnrp.access line.  More stuff that I'm not
sure anyone is using any more.

> Did something go wrong?
> According to current code, PERMpass can be removed everywhere.
> Its value set in AUTHINFO GENERIC is not used...

> Or maybe I am totally wrong and do not understand PERMpass?

I think you're not understanding AUTHINFO GENERIC.  It's used to hold the
password returned by the external program so that it can be compared
against a password provided by the user, as near as I can tell.

> innd takes it.  Note that incoming.conf only defines password: for
> authentication.
>
> %telnet localhost 119
> 200 news.trigofacile.com InterNetNews server INN 2.5.0 (20080629 prerelease) ready
> AUTHINFO PASS pass
> 281
>
> It just ignores the user:
>
>    /* Ignore "authinfo user" commands, since we only care about the
>     * password. */
>    if (strncasecmp(p, USER, strlen(USER)) == 0) {
>        NCwritereply(cp, NNTP_AUTH_NEXT);
>        return;
>    }
>
> where USER="user " -- with a space :)

Oh, hm.  Yeah, I have no idea if anyone is taking advantage of that.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list