From: Wes Hardaker <wjhardaker@ucdavis.edu>
Subject: authentication in gnus technically not perfect
Date: 20 Nov 1997 10:32:41 -0800 [thread overview]
Message-ID: <x7200btnzq.fsf@des.thegrid.net> (raw)
(warn "Wes is being annoying having just read something")
>From http://www.mibsoftware.com/userkt/nntpext/0032.htm:
When authorization is required, the server will send a 480
response requesting authorization from the client. The client must
enter AUTHINFO USER followed by the username. Once sent, the
server will cache the username and may send a 381 response
requesting the password associated with that username. Should the
server request a password using the 381 respose, the client must
enter AUTHINFO PASS followed by a password and the server will
then check the authentication database to see if the
username/password combination is valid. If the combination is
valid or if no password is required, the server will return a 281
response. The client should then retry the original command to
which the server responded with the 480 response. The command
should then be processed by the server normally. If the
combination is not valid, the server will return a 502 response.
Ok... Background: I'm starting a project to implement a specific
type of authentication in a news server. All I need is the user name,
so I was looking up the protocols to see if the password was required
by the protocol, or if it can just accept the user name and not
require the user's agent to supply the password. I was happy to see
the above, but didn't know what user agent's typically did, so I
headed for the source for gnus (of course) to find:
(defun nntp-send-authinfo ()
"Send the AUTHINFO to the nntp server.
This function is supposed to be called from `nntp-server-opened-hook'.
It will prompt for a password."
(nntp-send-command "^.*\r?\n" "AUTHINFO USER" (user-login-name))
(nntp-send-command
"^.*\r?\n" "AUTHINFO PASS"
(nnmail-read-passwd (format "NNTP (%s) password: " nntp-address))))
IE, it auto-sends the password even if a 381 is never received. Now,
this is not a big deal of course, I just thought I'd mention it.
Technically there should be two functions, one for user and one for
password (ick).
The reason I don't want a password is that its sent in clear text,
which I'm trying to avoid so I have another method of associating an
IP address with a user name, and if they match, thats close enough
for government work. In fact, if they do suply a password, I'm going
to have an auto-yeller installed :-)
--
"Ninjas aren't dangerous. They're more afraid of you than you are of them."
next reply other threads:[~1997-11-20 18:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
1997-11-20 18:32 Wes Hardaker [this message]
1997-11-23 6:16 ` Lars Magne Ingebrigtsen
1997-11-24 21:33 ` Wes Hardaker
[not found] ` <x7zpmtc0l5.fsf@peorth.gweep.net>
1997-11-25 2:04 ` Wes Hardaker
[not found] ` <x7d8jpod8f.fsf@peorth.gweep.net>
1997-11-25 6:40 ` Wes Hardaker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=x7200btnzq.fsf@des.thegrid.net \
--to=wjhardaker@ucdavis.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).