[ietf-nntp] AUTHINFO draft 01
Russ Allbery
rra at stanford.edu
Sat Jul 3 12:49:17 PDT 2004
Charles Lindsey <chl at clerew.man.ac.uk> writes:
> I think (2) is best. Surely an AUTHINFO PASS on its own, not (immediately)
> preceded by any AUTHINFO USER is a nonsense,
What makes you think that? nnrpd allows arbitrary commands between
AUTHINFO USER and AUTHINFO PASS.
It's not something I'd consider particularly useful, but it's how news
software actually works.
Please, folks, remember that AUTHINFO USER/PASS is something that we're
*documenting* not *updating*. This is a legacy authentication protocol
that we aren't encouraging in the future, but which is in current use and
therefore needs documentation. As a result, we should make an absolute
minimum of changes and not spend a lot of time trying to figure out how it
*should* have been done.
We know how it should have been done; it's called AUTHINFO SASL.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list