[ietf-nntp] Re: AUTHINFO/SASL responses

Russ Allbery rra at stanford.edu
Mon May 17 03:09:54 PDT 2004


Clive D W Feather <clive at demon.net> writes:
> Ken Murchison said:

>> - SASL challenge/response can't be base64 decoded.  Traditionally, this
>> is treated as an auth failure, so whatever we decide for failure can be
>> used.

> If it can't be decoded, that's a plain syntax error. 501 is the right
> code for this. Or it should be a new code, say 581.

Not a new code, please.  Either 501 or 482; I don't have a strong opinion
about which one.

>> - client sends initial SASL response for a mech that doesn't support
>> it. This exchange "out of order" problem will cause the auth to
>> fail. Clive suggests 482.  I suggest the failure code (481?) as an
>> alternative.

> I think you want to distinguish this (protocol error) from a failure such
> as wrong password.

> Thinking about it, it's effectively providing too many arguments. So
> it's a sort of syntax error. But I think it's worthwhile distinguishing
> this from the normal syntax error case. What about 580? [5xx is "Command
> unknown, unsupported, unavailable, or syntax error".]

I like the idea of using 482 a lot better.

> As I've said before, you can *NOT* do that because it breaks
> [NNTP-BASE]; a response must have a single consistent syntax and allow
> trailing junk.  If you need to distinguish "no success data" from "empty
> success data" then you need separate arguments for them:

Oh, whoops, I forgot about that.

Okay, you're right.  We should use 281 for success with no data and 283
for success with data.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


