ietf-nntp Virtual hosts in NNTP servers

[Ken Murchison]

Russ Allbery wrote:
> 
> Clive D W Feather <clive at demon.net> writes:
> 
> > Nothing stops you defining your own extension, but is anyone going to
> > use it? I've never heard of anyone needing this before, which argues
> > it's likely to be not that popular.
> 
> I've definitely seen the need before.  It's a not-uncommon INN feature
> request.  Most people who need it are using or can use authentication,
> though, and therefore just use Ken's recommended solution.
> 
> One could, as you mention, define a new extension for this, but honestly
> it would be easier to change the clients to use SASL ANON to authenticate
> and give a domain than it would be to add yet a new command, once SASL is
> the way that authentication is done for news.  And in the interim, one
> could pretty easily modify the clients to send USER/PASS using AUTHINFO,
> more easily than modify them to send a new command.

Given current USER/PASS practice (as I understand it), it wouldn't even
be necessary to send PASS unless you actually needed to authenticate. 
Just sending USER with a fully qualified userid would be enough to clue
in the server.


> (This is assuming SASL ANON ends up supporting domains, though, which
> isn't all that clear just at the moment as I understand the current
> discussion on the SASL list.)


The info sent with ANONYMOUS is for informational purposes only.  It is
recommended that it be an email address or the like for logging
purposes, but it probably wouldn't be wise to have functionality
dependent upon its content/format.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp