[NNTP] Interoperability with 502 answer to GROUP command

[Julien ÉLIE]

Hi all,

We had a question on inn-workers about the response code a news server
should give to a GROUP command for an existing newsgroup to which the
client does not have access:
    https://lists.isc.org/pipermail/inn-workers/2010-September/017275.html

It appears that INN answers 480/502 (depending on the state of authentication)
but a few news clients (amongst them are tin and Thunderbird) immediately
close the connection.
As a matter of fact, according to RFC 3977:

   502:  It is necessary to terminate the connection and to start a new
                            ^^^^^^^^^^^^^^^^^^^^^^^^
         one with the appropriate authority before the command can be used.


So...  what are clients and servers expected to do?



Suppose we have three groups on a news server :
 * group.public, readable by everybody
 * group.auth1, readable by user1
 * group.auth2, readable by user2


Are the following answers the right ones?


200 Hello!

LIST ACTIVE
215 Newsgroups in form "group high low status"
group.public 0000000003 0000000001 y
.

GROUP group.auth2
480 Read access denied

AUTHINFO USER user1
381 Enter password
AUTHINFO PASS pass1
281 Authentication succeeded

LIST ACTIVE
215 Newsgroups in form "group high low status"
group.public 0000000003 0000000001 y
group.auth1 0000000003 0000000001 y
.

GROUP group.auth2
502 Read access denied




After discussing a bit in private with Urs, we have a few questions:

* is the first answer to LIST ACTIVE right?  or should it also
  advertise group.auth1 and group.auth2?

* is the last answer to "GROUP group.auth2" right?
  (independently of the group being listed in the active list)

  Another possibility would be 411 but it would mean that the
  newsgroup is unknown (and therefore does not exist).  It is not
  the case.


Thanks beforehand for your comments and suggestions about
that case of use.

-- 
Julien ÉLIE

« Sum, ergo bibo ; bibo, ergo sum. »