no forced authinfo in 5.6.2?

no forced authinfo in 5.6.2?

[Steinar Bang]

I just looked at the nntp.el in 5.6.2, doesn't seem to be any code
there looking for some way to force authinfo on an NNTP server that
doesn't ask for it.

Was this dropped because people disagreed with the proposed syntax?

Re: no forced authinfo in 5.6.2?

[Hallvard B Furuseth]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>> (...) force authinfo on an NNTP server that doesn't ask for it.
> 
> Well, I didn't feel it was resolved.  Should I add a "force" tag?

If nntp-authinfo-file is .netrc-compatible just because you wanted to
reuse existing code to parse .netrc:

  I don't see any reason *not* to send authinfo to a machine mentioned
  in .authinforc.  If I have an authinfo password there, why would I
  want not to use it?

  (Our NNTP server does not ask for authinfo, but it does not give me
  the department's private group unless I send authinfo.)

If nntp-authinfo-file is .netrc-compatible so we can point it to .netrc:

  Bummer.

  * I can't have different FTP user/password and NNTP user/password
    on the same machine.

  * If I insert `machine some.server login hbf password newspassword',
    then the `ftp some.server' command will try to log in with my NNTP
    username and password.

  * If the same machine has a trusted FTP maintainer and an untrusted
    (unknown/experimental/...) NNTP maintainer, and it has my FTP
    password in .netrc, then the NNTP maintainer can ask Gnus to send
    him my FTP password.

  Maybe this format will fix it:

    machine some.server      login hbf password ftppassword
    machine nntp/some.server login hbf password newspassword

  As above, I don't see any reason to not send the NNTP password if you
  use this format.

  OTOH, maybe some FTP implementations will barf on the 2nd line, since
  they know that hostnames don't look like that.

  (BTW, I used `/' instead of `:' because I've heard IPv6 hostnames may
  contain `:'.  Or maybe they can contain `/' too?)

-- 
Hallvard

Re: no forced authinfo in 5.6.2?

[Edward J. Sabol]

Excerpts from mail: (14-Mar-98) Re: no forced authinfo in 5.6.2? by Hallvard B Furuseth
> If nntp-authinfo-file is .netrc-compatible just because you wanted to
> reuse existing code to parse .netrc:
>
> I don't see any reason *not* to send authinfo to a machine mentioned
> in .authinforc.  If I have an authinfo password there, why would I
> want not to use it?

I thought the same thing, but Lars convinced me otherwise:

------- Start of exceprted message -------
To: ding@gnus.org
Subject: Re: feedback on AUTHINFO in qgnus-0.27
References: <199802191555.KAA18753@alderaan.gsfc.nasa.gov>
From: Lars Magne Ingebrigtsen <larsi@gnus.org>
Date: 20 Feb 1998 03:31:45 +0100

"Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov> writes:
> It sounds more complicated than it really is. Basically, if there's an entry
> for the server in ~/.authinforc, then send authinfo for that server whether
> challenged or not.

Hm.  Some servers only challenge when entering certain groups.  The
user may wish to stick the machine name and the user name into the
file, but not the password, and it would be annoying if that would
lead Gnus to send the authinfo (and promt the user for that
unnecessary password) even if the user doesn't want to read the
password-protected groups.
------- End of excerpted message -------

> If nntp-authinfo-file is .netrc-compatible so we can point it to .netrc:
>
> Bummer.
>
> * I can't have different FTP user/password and NNTP user/password
> on the same machine.
>
> * If I insert `machine some.server login hbf password newspassword',
> then the `ftp some.server' command will try to log in with my NNTP
> username and password.

I think you miss the point. You *can* point gnus-authinfo-file to your
~/.netrc, but you don't *have* to. The default has them being different
files. If your NNTP password is different from your FTP password, then use
separate files for NNTP and FTP.

> Maybe this format will fix it:
>
> machine some.server      login hbf password ftppassword
> machine nntp/some.server login hbf password newspassword

Yuck.

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> Well, I didn't feel it was resolved.  Should I add a "force" tag?

Lars, as long as the "force" tag is an optional part of the syntax (i.e.,
Gnus defaults to "force no" if there is no "force" tag present) in order to
keep some semblance of compatibility with ~/.netrc, I see no problem with it.

Besides, I also see many advantages to this syntax. When people post to the
mailing list asking how to make Gnus automatically send authinfo for certain
servers, I will get a great thrill out of replying to them and writing "Use
the FORCE tag, Luke!" :-)

Please go ahead and implement it, Lars.

Later,
Ed

Re: no forced authinfo in 5.6.2?

[Steinar Bang]

>>>>> "Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov>:

[...]
> Besides, I also see many advantages to this syntax. When people post
> to the mailing list asking how to make Gnus automatically send
> authinfo for certain servers, I will get a great thrill out of
> replying to them and writing "Use the FORCE tag, Luke!" :-)

Indeed. :-)

I caught a bit of flak from the "point and click" generation about
Gnus needing Emacs lisp customization to be about to force authinfo on
a server, and this sounds like a good line to throw at them at a later
stage...

> Please go ahead and implement it, Lars.

Yep!

Re: no forced authinfo in 5.6.2?

[Lars Magne Ingebrigtsen]

Hallvard B Furuseth <h.b.furuseth@usit.uio.no> writes:

> If nntp-authinfo-file is .netrc-compatible just because you wanted to
> reuse existing code to parse .netrc:

No, the main reason was just to use a format that I thought would be
familiar to people.  The .netrc format seemed a likely candidate.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: no forced authinfo in 5.6.2?

[Lars Magne Ingebrigtsen]

"Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov> writes:

> Besides, I also see many advantages to this syntax. When people post to the
> mailing list asking how to make Gnus automatically send authinfo for certain
> servers, I will get a great thrill out of replying to them and writing "Use
> the FORCE tag, Luke!" :-)

It's too good a pun not to use, so I've implemented this in Gnus 5.6.3.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: no forced authinfo in 5.6.2?

[Hallvard B Furuseth]

"Edward J. Sabol" <sabol@alderaan.gsfc.nasa.gov> writes:

>> If I have an authinfo password there, why would I want not to use it?
> 
> I thought the same thing, but Lars convinced me otherwise:

Oh well.

> I think you miss the point. You *can* point gnus-authinfo-file to your
> ~/.netrc, but you don't *have* to.

Right.  Good argument against the two points you quoted, but not against
the one you skipped:

  * If the same machine has a trusted FTP maintainer and an untrusted
    (unknown/experimental/...) NNTP maintainer, and it has my FTP
    password in .netrc, then the NNTP maintainer can ask Gnus to send
    him my FTP password.

Users *will* copy setup files from more experienced users, or choose
options that feel nifty, without reading up the details about each
option.  A program should *not* offer nifty-looking security holes like
this, unless it makes sure to throw a warning in his face.  Require him
to put `macdef no-nntp-security-warnings' in ~/.netrc to shut it up, or
something.  Presumably he won't copy another user's .netrc:-)

>> Maybe this format will fix it:
>>
>> machine some.server      login hbf password ftppassword
>> machine nntp/some.server login hbf password newspassword
> 
> Yuck.

Yup.  But it's the least ugly way to handle authinfo-file=~/.netrc I can
think of.

-- 
Hallvard