AUTHINFO SIMPLE and PASS
Russ Allbery
rra at stanford.edu
Tue Aug 26 20:25:30 UTC 2008
Julien ÉLIE <julien at trigofacile.com> writes:
> I still do not understand the logic behind. AUTHINFO GENERIC is enough
> to authenticate; no need to use AUTHINFO USER (?)
>
> If AUTHINFO GENERIC succeeds, it is fine. But PERMpass is never used
> (indeed, one cannot send other AUTHINFO commands).
Ah, yes, you're right.
> If AUTHINFO GENERIC fails, then PERMpass exists and people have
> to use AUTHINFO USER and AUTHINFO PASS afterwards. And the password
> has to be PERMpass.
>
> Is it the way it works? Double authentication?!? (A failed one with
> AUTHINFO GENERIC and a successful one afterwards?)
It would make sense if it were intended to allow people to issue AUTHINFO
USER/PASS after successful AUTHINFO GENERIC and have it still work if they
use the same password (working around broken clients, maybe). But that's
no longer supported by the code. I suspect that we may have changed this
along the way and made the code dead.
I think you can take out PERMpass at this point.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list