Suggestion for draft-ietf-nntpext-base-02.txt
Chris Lewis
clewis at nortel.ca
Mon Jan 12 08:53:00 PST 1998
In message "Re: Suggestion for draft-ietf-nntpext-base-02.txt",
'brian at karoshi.ucsd.edu' writes:
>I think that using NNTP to change a password (indeed, for anything
>updating access or security) is a very bad idea. Other more secure
>protocols should be used both for access and update; the existing
>AUTHINFO was a temporary hack intended more for user identification
>than for authentication.
True.
However, speaking from the perspective of someone trying to implement
broad-multi-service authentication mechanisms, the ability for an
administrator to choose to use such a facility would be most helpful.
That being said, there's no reason you couldn't do this with AUTHINFO
GENERIC.
--
Chris Lewis, Senior Network Security Analyst, Nortel.
clewis at nortel.ca; Dept 8M86, Ottawa, Canada. (613) 763-2935.
More information about the ietf-nntp
mailing list