ietf-nntp My notes from the NNTP WG meeting at the 37th IETF
Brian Hernacki
bhern at netscape.com
Thu Dec 19 09:28:54 PST 1996
Nat Ballou wrote:
>
> > From: Brian Kantor <brian at nothing.ucsd.edu>
> > To: Chris.Newman at INNOSOFT.COM; moore at cs.utk.edu
> > Cc: ietf-nntp at academ.com
> > Subject: Re: ietf-nntp My notes from the NNTP WG meeting at the 37th IETF
> > Date: Thursday, December 19, 1996 7:07 AM
> >
> > Gentlemen,
> >
> > Please do not forget that AUTHINFO USER does NOT REQUIRE A PASSWORD.
> >
> > I originally added it to facilitate gathering of readership statistics,
> > and in that application, it needed only supply the username.
> >
> > While AUTHINFO may be used to control access, that is not its only use.
>
> While that might have been the intent, I believe every implementation
> requires an AUTHINFO PASS after an AUTHINFO USER. I may be wrong here
> - but if I'm right, I'd rather RFC977 driven by current practices rather
> than intentions.
>
> So - are there any implementations that accept AUTHINFO USER without an
> AUTHINFO PASS?
As far as protocol goes, Netscape News Server will accept an AUTHINFO
USER, return a "381 PASS required", but still allow you to enter other
commands without having entered AUTHINFO PASS. It does not however, use
the USER information (even for readership stats) unless a password has
been provided to prove identity.
--brian
More information about the ietf-nntp
mailing list