ietf-nntp Multiple AUTHINFOs per session
Ken Murchison
ken at oceana.com
Sun Jan 5 13:09:51 PST 2003
"Jeffrey M. Vinocur" wrote:
>
> Ken has raised the issue of whether a client should be able to AUTHINFO
> multiple times in the same session. Some observations:
>
> - If an AUTHINFO fails, the client should be able to retry (unless the
> server has chosen to close the connection). Agreed?
Yes, of course. I should have said multiple successful authentications.
> - INN at least permits clients to use AUTHINFO USER/PASS multiple times.
> Do other servers do the same? (Of course, I suspect few if any clients
> actually attempt this functionality. Anyone know about that?)
If it turns out that no clients actually use this in practice, then I'd
say scrap it.
What is the intended use? And what is the big deal with starting a new
session?
None of the other similar protocols (IMAP, POP3, SMTP) allow such a
thing.
> - For the purposes of AUTHINFO SASL, this issue is explicitly raised in
> RFC 2222 (excerpted below). I don't think we've ever discussed this
> issue -- let me know if we have -- but certainly the easiest approach
> is to disallow it.
If we follow SASL's recommendation of only one successful authentication
per session, should we allow USER/PASS to have different semantics?
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list