ietf-nntp My notes from the NNTP WG meeting at the 37thIETF
Chris Lewis
clewis at nortel.ca
Fri Dec 20 10:14:00 PST 1996
In message "Re: ietf-nntp My notes from the NNTP WG meeting at the 37thIETF",
'NatBa at MICROSOFT.com' writes:
>Actually - no. It seems the Netscape server accepts AUTHINFO USER without
>an AUTHINFO PASS, but does nothing with the AUTHINFO USER. I believe most
>servers have a set of newsgroups that can be viewed without any
>authentication
>- so it's reasonable for the Netscape server to do what it does. INN does
>the same thing. In any case, without a password, the AUTHINFO USER command
>is useless, and servers will not accept it. If they did, I could spoof
>others.
Particularly with the AUTHINFO GENERIC specification, the protocol is
perfectly capable of allowing a user to see some groups, then see a
different group (usually a superset) after authentication. The generic
authenticators sin both INN and NNTP reference return a list of groups
the user is allowed to use.
Brian? Does the Netscape server or browser support GENERIC?
--
Chris Lewis, Senior Network Security Analyst, Nortel.
clewis at nortel.ca; Dept 4C16, Ottawa, Canada. (613) 763-2935.
More information about the ietf-nntp
mailing list