ietf-nntp Multiple AUTHINFOs per session
Jeffrey M. Vinocur
jeff at litech.org
Sun Jan 5 12:38:10 PST 2003
Ken has raised the issue of whether a client should be able to AUTHINFO
multiple times in the same session. Some observations:
- If an AUTHINFO fails, the client should be able to retry (unless the
server has chosen to close the connection). Agreed?
- INN at least permits clients to use AUTHINFO USER/PASS multiple times.
Do other servers do the same? (Of course, I suspect few if any clients
actually attempt this functionality. Anyone know about that?)
- For the purposes of AUTHINFO SASL, this issue is explicitly raised in
RFC 2222 (excerpted below). I don't think we've ever discussed this
issue -- let me know if we have -- but certainly the easiest approach
is to disallow it.

   5.3. Multiple authentications

   Unless otherwise stated by the protocol's profile, only one
   successful SASL negotiation may occur in a protocol session. In this
   case, once an authentication protocol exchange has successfully
   completed, further attempts to initiate an authentication protocol
   exchange fail.

   In the case that a profile explicitly permits multiple successful
   SASL negotiations to occur, then in no case may multiple security
   layers be simultaneously in effect. If a security layer is in effect
   and a subsequent SASL negotiation selects no security layer, the
   original security layer remains in effect. If a security layer is in
   effect and a subsequent SASL negotiation selects a second security
   layer, then the second security layer replaces the first.

--
Jeffrey M. Vinocur
jeff at litech.org
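
Added example, not part of the original message and not taken from INN or any other server: a small Python model of the per-session state a server would keep to apply the RFC 2222 section 5.3 rules quoted above, including retry after a failed attempt. The names SaslSession, allow_reauth and max_failures, the result strings, and the failure limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class SaslSession:
    """Server-side authentication state for one protocol session."""
    allow_reauth: bool = False            # does the profile permit multiple successes?
    max_failures: int = 3                 # assumed local policy before closing
    authenticated_as: Optional[str] = None
    security_layer: Optional[str] = None
    failures: int = 0
    closed: bool = False

    def authenticate(self, user: str, ok: bool, layer: Optional[str] = None) -> str:
        """Apply one exchange; `ok` is the mechanism's verdict, `layer` the
        security layer it negotiated (None if it selected no layer)."""
        if self.closed:
            return "closed"
        # Default rule: after one success, further attempts to start an
        # exchange fail, whatever credentials are offered.
        if self.authenticated_as is not None and not self.allow_reauth:
            return "rejected"
        if not ok:
            # A failed attempt may be retried unless the server closes the
            # connection. Assumption: the earlier identity and layer, if
            # any, are left untouched by a failed re-authentication.
            self.failures += 1
            if self.failures >= self.max_failures:
                self.closed = True
                return "closed"
            return "failed"
        self.authenticated_as = user
        if layer is not None:
            # Never two layers at once: the second replaces the first.
            self.security_layer = layer
        # layer is None: the original security layer remains in effect.
        return "accepted"
```

With allow_reauth left at False the model gives the "disallow it" behaviour; setting it to True exercises the layer replacement rules in the second paragraph of the excerpt.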