[ietf-nntp] Re: AUTHINFO/SASL responses
Clive D.W. Feather
clive at demon.net
Tue May 18 00:13:45 PDT 2004
Russ Allbery said:
>> - authentication failed/rejected. Currently this is documented as 502,
>> per INN, but Clive suggests 481 and I tend to agree we need a temp code
>> which allows the client to try again. For those servers which choose to
>> bail, 502 could still be allowed.
>
> 481 would indicate a temporary failure with authentication, implying that
> the client should try the same username and password again.

No it doesn't.

If you look at our definitions of response codes, the 4xx/5xx split is
*NOT* temporary v permanent. Rather, they are semantic v syntactic. A 4xx
error indicates that the format of the command was correct but it didn't
work for some reason. [Yes, we haven't always been consistent on this but
that's what we've said.] So 481 is fine for this.

>> - SASL challenge/response can't be base64 decoded. Traditionally, this
>> is treated as an auth failure, so whatever we decide for failure can be
>> used.
> Alternately, one could use 482 for this, considering 482 to be generally
> the error code for an improper auth protocol exchange. I think that may
> make more sense.

But this *is* a syntax error. This would appear to be the right place for a
5xx, and more specifically 58x, code. What is the problem with that?

> 282 is taken by XGTITLE.

Should this bother us?

--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | Fax: +44 870 051 9937
Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc | |