how to do authinfo for only one group?

how to do authinfo for only one group?

[Joe Hildebrand]

ok, i'm back in Denver, and i'm real close to an nndb delivery.  i
have one thing left to test, which is the authinfo stuff.  you do i
tell sgnus to only try to send authinfo for one group?  or does
calling nntp-send-authinfo not send authorization if it isn't
requested?

-- 
Joe Hildebrand                  Fuentez Systems Concepts
hildjj@fuentez.com              Lead Software Engineer
	"Breakfast recapitulates phylogeny" - Spider Robinson

Re: how to do authinfo for only one group?

[Lars Magne Ingebrigtsen]

Joe Hildebrand <hildjj@fuentez.com> writes:

> you do i tell sgnus to only try to send authinfo for one group?  or
> does calling nntp-send-authinfo not send authorization if it isn't
> requested?

No, that sends authinfo whenever it connects.  You could put a
definition of `nntp-server-opened-hook' that includes the function to
send authinfo in the select method used for that group.

-- 
  "Yes.  The journey through the human heart 
     would have to wait until some other time."

Re: how to do authinfo for only one group?

[Greg Stark]

Well, it's clear what is intended, i'm not sure how to make Gnus do this, but
your server should probably follow this, aS well as supporting the common
practice of allowing the client to authenticate immediately after the start of
the session.

    When authorization is required, the server will send a 480
    response requesting authorization from the client. The
    client must enter AUTHINFO USER followed by the username.
    Once sent, the server will cache the username and send a
    381 response requesting the password associated with that
    username. The client must enter AUTHINFO PASS followed by
    the password for the username. The server will then check
    the authentication database to see if the username/password
    combination is valid. If the combination is valid, the
    server will return a 281 response. The client should then
    retry the original command to which the server responded
    with the 480 response. The command should then be processed
    by the server normally. If the combination is not valid,
    the server will return a 502 response.

    Clients must provide authentication when requested by the server. 
    It is possible that some implementations will accept authentication
    information at the beginning of a session, but this was not the 
    original intent of the specification.  If a client attempts to
    reauthenticate, the server may return 482 response indicating
    that the new authentication data is rejected by the server.
    The 482 code will also be returned when the AUTHINFO commands
    are not entered in the correct sequence (like two AUTHINFO
    USERs in a row, or AUTHINFO PASS preceding AUTHINFO USER).

Except that this excerpt comes from an expired draft from a working group that
was dissolved.  In fact I should mention to Lars that i was deceived when i
suggested AUTHINFO GENERIC was something useful for Gnus to support.  AUTHINFO
GENERIC, as it's name implies, is intended to allow people to experiment with
other authentication schemes.  It doesn't specify any particular protocol. 
In fact	it turns out no authentication scheme could possibly be secure given
its framework.

Re: how to do authinfo for only one group?

[Joe Hildebrand]

> "Greg" == Greg Stark <gsstark@mit.edu> writes:

   Greg> Well, it's clear what is intended, i'm not sure how to make
   Greg> Gnus do this, but your server should probably follow this, aS
   Greg> well as supporting the common practice of allowing the client
   Greg> to authenticate immediately after the start of the session.

   Greg>     When authorization is required, the server will send a
   Greg> 480 response requesting authorization from the client. The
   Greg> client must enter AUTHINFO USER followed by the
   Greg> username. ...

I'm actually doing all of this stuff, now.  Should ding send
authorization whenever it gets a 480 response?

The perl code is ready.  I'm writing a delivery agent in C, so that
you won't have to exec perl every time you get a mail message.  When
that is done, I'll post everything.  Looks like tommorrow.

-- 
Joe Hildebrand                  Fuentez Systems Concepts
hildjj@fuentez.com              Lead Software Engineer
	"Breakfast recapitulates phylogeny" - Spider Robinson

Re: how to do authinfo for only one group?

[Lars Magne Ingebrigtsen]

gsstark@MIT.EDU (Greg Stark) writes:

>     When authorization is required, the server will send a 480
>     response requesting authorization from the client.

I've now added this to the Red Gnus todo list.  I don't think it's all
that important, though -- no nntp servers choke on getting an AUTHINFO
on connection.  Although that sounds a bit insecure, come to think of
if.  One doesn't want to send passwords to servers that do not ask for
them...

-- 
  "Yes.  The journey through the human heart 
     would have to wait until some other time."