doc/hook-perl - response codes for authentication

Russ Allbery rra at stanford.edu
Fri Dec 26 04:11:51 UTC 2008


Alexander Bartolich <alexander.bartolich at gmx.at> writes:

> The following paragraph in doc/hook-perl
>
>     The NNTP response code should probably be either 281 (authentication
>     successful) or 502 (authentication unsuccessful).  If the code
>     returned is anything other than 281, nnrpd will print an
>     authentication error message and drop the connection and exit.
>
> conflicts with RFC 4643:
>
>    Responses
>      281 Authentication accepted
>      381 Password required [1]
>      481 Authentication failed/rejected
>      482 Authentication commands issued out of sequence
>      502 Command unavailable [2]
>
>      [2] If authentication has already occurred, AUTHINFO USER/PASS are
>          not valid commands (see Section 2.2).
>
> So according to the specification code 481 should be returned instead of
> 502.

Yup.  We should change the documentation.

> However, my custom Perl hook has returned 502 for two years and that
> also seems to carry the message across.

I don't think clients particularly care and only distinguish between 281
and everything else, but we should be accurate.

> Anyway, the reason I'm reading the RFC is because I search for an
> appropriate way to distinguish internal errors (e.g. "Can't connect to
> MY-SQL") from authentication errors. Any suggestions?

That's what 403 is for.  As a generic response code, you can return it for
any command.

   If the server experiences an internal fault or problem that means it
   is unable to carry out the command (for example, a necessary file is
   missing or a necessary service could not be contacted), the response
   code 403 MUST be returned.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.



More information about the inn-workers mailing list