* no forced authinfo in 5.6.2? @ 1998-03-08 20:46 Steinar Bang [not found] ` <m3iupil26f.fsf@sparky.gnus.org> 0 siblings, 1 reply; 7+ messages in thread From: Steinar Bang @ 1998-03-08 20:46 UTC (permalink / raw) I just looked at the nntp.el in 5.6.2, doesn't seem to be any code there looking for some way to force authinfo on an NNTP server that doesn't ask for it. Was this dropped because people disagreed with the proposed syntax? ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <m3iupil26f.fsf@sparky.gnus.org>]
* Re: no forced authinfo in 5.6.2? [not found] ` <m3iupil26f.fsf@sparky.gnus.org> @ 1998-03-14 0:06 ` Hallvard B Furuseth 1998-03-16 19:22 ` Edward J. Sabol 1998-03-19 12:08 ` Lars Magne Ingebrigtsen 0 siblings, 2 replies; 7+ messages in thread From: Hallvard B Furuseth @ 1998-03-14 0:06 UTC (permalink / raw) Lars Magne Ingebrigtsen <larsi@gnus.org> writes: >> (...) force authinfo on an NNTP server that doesn't ask for it. > > Well, I didn't feel it was resolved. Should I add a "force" tag? If nntp-authinfo-file is .netrc-compatible just because you wanted to reuse existing code to parse .netrc: I don't see any reason *not* to send authinfo to a machine mentioned in .authinforc. If I have an authinfo password there, why would I want not to use it? (Our NNTP server does not ask for authinfo, but it does not give me the department's private group unless I send authinfo.) If nntp-authinfo-file is .netrc-compatible so we can point it to .netrc: Bummer. * I can't have different FTP user/password and NNTP user/password on the same machine. * If I insert `machine some.server login hbf password newspassword', then the `ftp some.server' command will try to log in with my NNTP username and password. * If the same machine has a trusted FTP maintainer and an untrusted (unknown/experimental/...) NNTP maintainer, and it has my FTP password in .netrc, then the NNTP maintainer can ask Gnus to send him my FTP password. Maybe this format will fix it: machine some.server login hbf password ftppassword machine nntp/some.server login hbf password newspassword As above, I don't see any reason to not send the NNTP password if you use this format. OTOH, maybe some FTP implementations will barf on the 2nd line, since they know that hostnames don't look like that. (BTW, I used `/' instead of `:' because I've heard IPv6 hostnames may contain `:'. Or maybe they can contain `/' too?) -- Hallvard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: no forced authinfo in 5.6.2? 1998-03-14 0:06 ` Hallvard B Furuseth @ 1998-03-16 19:22 ` Edward J. Sabol 1998-03-17 8:01 ` Steinar Bang ` (2 more replies) 1998-03-19 12:08 ` Lars Magne Ingebrigtsen 1 sibling, 3 replies; 7+ messages in thread From: Edward J. Sabol @ 1998-03-16 19:22 UTC (permalink / raw) Excerpts from mail: (14-Mar-98) Re: no forced authinfo in 5.6.2? by Hallvard B Furuseth > If nntp-authinfo-file is .netrc-compatible just because you wanted to > reuse existing code to parse .netrc: > > I don't see any reason *not* to send authinfo to a machine mentioned > in .authinforc. If I have an authinfo password there, why would I > want not to use it? I thought the same thing, but Lars convinced me otherwise: ------- Start of exceprted message ------- To: ding@gnus.org Subject: Re: feedback on AUTHINFO in qgnus-0.27 References: <199802191555.KAA18753@alderaan.gsfc.nasa.gov> From: Lars Magne Ingebrigtsen <larsi@gnus.org> Date: 20 Feb 1998 03:31:45 +0100 "Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov> writes: > It sounds more complicated than it really is. Basically, if there's an entry > for the server in ~/.authinforc, then send authinfo for that server whether > challenged or not. Hm. Some servers only challenge when entering certain groups. The user may wish to stick the machine name and the user name into the file, but not the password, and it would be annoying if that would lead Gnus to send the authinfo (and promt the user for that unnecessary password) even if the user doesn't want to read the password-protected groups. ------- End of excerpted message ------- > If nntp-authinfo-file is .netrc-compatible so we can point it to .netrc: > > Bummer. > > * I can't have different FTP user/password and NNTP user/password > on the same machine. > > * If I insert `machine some.server login hbf password newspassword', > then the `ftp some.server' command will try to log in with my NNTP > username and password. I think you miss the point. You *can* point gnus-authinfo-file to your ~/.netrc, but you don't *have* to. The default has them being different files. If your NNTP password is different from your FTP password, then use separate files for NNTP and FTP. > Maybe this format will fix it: > > machine some.server login hbf password ftppassword > machine nntp/some.server login hbf password newspassword Yuck. Lars Magne Ingebrigtsen <larsi@gnus.org> writes: > Well, I didn't feel it was resolved. Should I add a "force" tag? Lars, as long as the "force" tag is an optional part of the syntax (i.e., Gnus defaults to "force no" if there is no "force" tag present) in order to keep some semblance of compatibility with ~/.netrc, I see no problem with it. Besides, I also see many advantages to this syntax. When people post to the mailing list asking how to make Gnus automatically send authinfo for certain servers, I will get a great thrill out of replying to them and writing "Use the FORCE tag, Luke!" :-) Please go ahead and implement it, Lars. Later, Ed ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: no forced authinfo in 5.6.2? 1998-03-16 19:22 ` Edward J. Sabol @ 1998-03-17 8:01 ` Steinar Bang 1998-03-19 12:09 ` Lars Magne Ingebrigtsen 1998-03-20 10:44 ` Hallvard B Furuseth 2 siblings, 0 replies; 7+ messages in thread From: Steinar Bang @ 1998-03-17 8:01 UTC (permalink / raw) >>>>> "Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov>: [...] > Besides, I also see many advantages to this syntax. When people post > to the mailing list asking how to make Gnus automatically send > authinfo for certain servers, I will get a great thrill out of > replying to them and writing "Use the FORCE tag, Luke!" :-) Indeed. :-) I caught a bit of flak from the "point and click" generation about Gnus needing Emacs lisp customization to be about to force authinfo on a server, and this sounds like a good line to throw at them at a later stage... > Please go ahead and implement it, Lars. Yep! ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: no forced authinfo in 5.6.2? 1998-03-16 19:22 ` Edward J. Sabol 1998-03-17 8:01 ` Steinar Bang @ 1998-03-19 12:09 ` Lars Magne Ingebrigtsen 1998-03-20 10:44 ` Hallvard B Furuseth 2 siblings, 0 replies; 7+ messages in thread From: Lars Magne Ingebrigtsen @ 1998-03-19 12:09 UTC (permalink / raw) "Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov> writes: > Besides, I also see many advantages to this syntax. When people post to the > mailing list asking how to make Gnus automatically send authinfo for certain > servers, I will get a great thrill out of replying to them and writing "Use > the FORCE tag, Luke!" :-) It's too good a pun not to use, so I've implemented this in Gnus 5.6.3. -- (domestic pets only, the antidote for overdose, milk.) larsi@gnus.org * Lars Magne Ingebrigtsen ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: no forced authinfo in 5.6.2? 1998-03-16 19:22 ` Edward J. Sabol 1998-03-17 8:01 ` Steinar Bang 1998-03-19 12:09 ` Lars Magne Ingebrigtsen @ 1998-03-20 10:44 ` Hallvard B Furuseth 2 siblings, 0 replies; 7+ messages in thread From: Hallvard B Furuseth @ 1998-03-20 10:44 UTC (permalink / raw) "Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov> writes: >> If I have an authinfo password there, why would I want not to use it? > > I thought the same thing, but Lars convinced me otherwise: Oh well. > I think you miss the point. You *can* point gnus-authinfo-file to your > ~/.netrc, but you don't *have* to. Right. Good argument against the two points you quoted, but not against the one you skipped: * If the same machine has a trusted FTP maintainer and an untrusted (unknown/experimental/...) NNTP maintainer, and it has my FTP password in .netrc, then the NNTP maintainer can ask Gnus to send him my FTP password. Users *will* copy setup files from more experienced users, or choose options that feel nifty, without reading up the details about each option. A program should *not* offer nifty-looking security holes like this, unless it makes sure to throw a warning in his face. Require him to put `macdef no-nntp-security-warnings' in ~/.netrc to shut it up, or something. Presumably he won't copy another user's .netrc:-) >> Maybe this format will fix it: >> >> machine some.server login hbf password ftppassword >> machine nntp/some.server login hbf password newspassword > > Yuck. Yup. But it's the least ugly way to handle authinfo-file=~/.netrc I can think of. -- Hallvard ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: no forced authinfo in 5.6.2? 1998-03-14 0:06 ` Hallvard B Furuseth 1998-03-16 19:22 ` Edward J. Sabol @ 1998-03-19 12:08 ` Lars Magne Ingebrigtsen 1 sibling, 0 replies; 7+ messages in thread From: Lars Magne Ingebrigtsen @ 1998-03-19 12:08 UTC (permalink / raw) Hallvard B Furuseth <h.b.furuseth@usit.uio.no> writes: > If nntp-authinfo-file is .netrc-compatible just because you wanted to > reuse existing code to parse .netrc: No, the main reason was just to use a format that I thought would be familiar to people. The .netrc format seemed a likely candidate. -- (domestic pets only, the antidote for overdose, milk.) larsi@gnus.org * Lars Magne Ingebrigtsen ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~1998-03-20 10:44 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 1998-03-08 20:46 no forced authinfo in 5.6.2? Steinar Bang [not found] ` <m3iupil26f.fsf@sparky.gnus.org> 1998-03-14 0:06 ` Hallvard B Furuseth 1998-03-16 19:22 ` Edward J. Sabol 1998-03-17 8:01 ` Steinar Bang 1998-03-19 12:09 ` Lars Magne Ingebrigtsen 1998-03-20 10:44 ` Hallvard B Furuseth 1998-03-19 12:08 ` Lars Magne Ingebrigtsen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).