Russ Allbery rra at
Tue Aug 26 20:25:30 UTC 2008

Julien ÉLIE <julien at> writes:

> I still do not understand the logic behind it.  AUTHINFO GENERIC is enough
> to authenticate; no need to use AUTHINFO USER (?)
> If AUTHINFO GENERIC succeeds, it is fine.  But PERMpass is never used
> (indeed, one cannot send other AUTHINFO commands).

Ah, yes, you're right.

> If AUTHINFO GENERIC fails, then PERMpass exists and people have
> to use AUTHINFO USER and AUTHINFO PASS afterwards.  And the password
> has to be PERMpass.
> Is it the way it works?  Double authentication?!?  (A failed one with
> AUTHINFO GENERIC and a successful one afterwards?)

It would make sense if it were intended to allow people to issue AUTHINFO
USER/PASS after successful AUTHINFO GENERIC and have it still work if they
use the same password (working around broken clients, maybe).  But that's
no longer supported by the code.  I suspect that we may have changed this
along the way and made the code dead.

I think you can take out PERMpass at this point.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.

More information about the inn-workers mailing list