AUTHINFO SIMPLE and PASS

Russ Allbery rra at stanford.edu
Tue Aug 26 20:25:30 UTC 2008


Julien ÉLIE <julien at trigofacile.com> writes:

> I still do not understand the logic behind.  AUTHINFO GENERIC is enough
> to authenticate; no need to use AUTHINFO USER (?)
>
> If AUTHINFO GENERIC succeeds, it is fine.  But PERMpass is never used
> (indeed, one cannot send other AUTHINFO commands).

Ah, yes, you're right.

> If AUTHINFO GENERIC fails, then PERMpass exists and people have
> to use AUTHINFO USER and AUTHINFO PASS afterwards.  And the password
> has to be PERMpass.
>
> Is it the way it works?  Double authentication?!?  (A failed one with
> AUTHINFO GENERIC and a successful one afterwards?)

It would make sense if it were intended to allow people to issue AUTHINFO
USER/PASS after successful AUTHINFO GENERIC and have it still work if they
use the same password (working around broken clients, maybe).  But that's
no longer supported by the code.  I suspect that we may have changed this
along the way and made the code dead.

I think you can take out PERMpass at this point.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list