ietf-nntp Multiple Authentications, personal opinion
Juergen Helbing
infstar at infostar.de
Tue Jan 7 00:51:22 PST 2003
I saw the call for comments on this issue.
So here just some personal experience:
I never heard from the users of the MyNews server that they need
multiple authentications. However MyNews permits this - and updates
the permissions to the latest authinfo account. This is not done
intentionally but simply because the authinfo command is not blocked
after a successful auth.
What I saw already on Usenet was that a host required authentication
WITHIN a session when a binary group was selected:
This was a public news-server (open without authentication) for
text-groups but the first attempt to access a binary group wanted the
authentication....
(This is just mentioned for completeness - not because it is a
problem).
There is one thing I have not understood yet:
It seems that a special kind of secure authentication is discussed
here - and I'm wondering how to write a news-client which does not
know whether the host permits (or requires) secure auth:
In such cases the client must try both types of auth (at least once to
find out which one the host wants). This could be done - of course -
in a second attempt to reconnect - but this is not very funny.
Perhaps I've missed this in the previous discussion, but I would like
the host to permit another auth if the first one fails. Especially if
secure and old authentication are available.
There are two types of "special" news-servers today:
Public servers (almost read only) and commercial servers.
These servers have limitations for the number of concurrent users -
and sometimes farms permit the connection but give a strange reply code
when an article should be retrieved, such as: "480 already connect to
two other hosts".....
There is nothing special actually - but I don't know how these "special
servers" will develop in the future. I just recognize that these
people have special needs which are not understandable for most of us
(and which are solved actually by issuing funny return codes in
special situations) - and nobody knows what they need in the future.
So I personally would be careful to _forbid_ something if it is not
strictly necessary for secure auth....
Just some thoughts and experience.
Please excuse me if these things have already been discussed.
I did not read the list seriously in the last few weeks.
--
Juergen
-----------------------
MyNews: www.winews.net
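
The two server behaviours discussed in the message above (AUTHINFO left open after a successful login, so the latest account's permissions apply, versus AUTHINFO blocked after the first success), together with the in-session 480 on a binary group, as an added Python sketch that is not part of the original post and is not MyNews code. The accounts, group names and the `allow_reauth` switch are constructed for illustration; reply codes other than the 480 mentioned in the message follow the later NNTP authentication specification (RFC 4643), and the 502 on GROUP is an assumption.

```python
import hmac

# Constructed accounts: name -> (password, may read binary groups)
ACCOUNTS = {"alice": ("pw-a", True), "bob": ("pw-b", False)}

class Session:
    def __init__(self, allow_reauth):
        self.allow_reauth = allow_reauth  # True: AUTHINFO stays open after a login
        self.user = None                  # account whose permissions apply now
        self.pending = None               # name from the last AUTHINFO USER

    def handle(self, line):
        cmd, _, arg = line.strip().partition(" ")
        route = {"AUTHINFO": self._authinfo, "GROUP": self._group}.get(cmd.upper())
        return route(arg) if route else "500 Unknown command"

    def _authinfo(self, arg):
        if self.user and not self.allow_reauth:
            return "502 Command unavailable"   # strict: one login per session
        kind, _, value = arg.partition(" ")
        if kind.upper() == "USER":
            self.pending = value
            return "381 Password required"
        if kind.upper() != "PASS" or self.pending is None:
            return "482 Authentication commands issued out of sequence"
        name, self.pending = self.pending, None
        account = ACCOUNTS.get(name)
        if account and hmac.compare_digest(account[0], value):
            self.user = name                   # latest login replaces the earlier one
            return "281 Authentication accepted"
        return "481 Authentication failed"     # earlier identity, if any, is kept

    def _group(self, name):
        if name.startswith("alt.binaries."):   # only binary groups are restricted
            if self.user is None:
                return "480 Authentication required"
            if not ACCOUNTS[self.user][1]:
                return "502 Permission denied"
        return f"211 0 0 0 {name}"

def replay(lines, allow_reauth):
    session = Session(allow_reauth)            # fresh session per transcript
    return [session.handle(line)[:3] for line in lines]

SAMPLE = ["GROUP comp.lang.c", "GROUP alt.binaries.test",   # constructed input
          "AUTHINFO USER alice", "AUTHINFO PASS pw-a", "GROUP alt.binaries.test",
          "AUTHINFO USER bob", "AUTHINFO PASS pw-b", "GROUP alt.binaries.test"]
```

Calling `replay(SAMPLE, True)` and `replay(SAMPLE, False)` shows where the two policies diverge: with re-authentication open, the second login swaps the session to the less privileged account, while the strict policy keeps the first identity and its permissions.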