Common NNTP Extensions

Be sure to read the "RKT couplings" below for additional information, comments, and links.

NNTP-Ext:[Previous][Up to Table of Contents] [Next]

NNTP-Ext 3.1.1 Original AUTHINFO

    AUTHINFO USER username
    AUTHINFO PASS password

    The original AUTHINFO is used to identify a specific entity
    to the server using a simple username/password combination.
    It first appeared in the UNIX reference implementation.

    When authorization is required, the server will send a 480
    response requesting authorization from the client. The
    client must enter AUTHINFO USER followed by the username.
    Once sent, the server will cache the username and may send
    a 381 response requesting the password associated with that
    username. Should the server request a password using the 381
    respose, the client must enter AUTHINFO PASS followed by
    a password and the server will then check the authentication
    database to see if the username/password combination is valid.
    If the combination is valid or if no password is required,
    the server will return a 281 response. The client should then
    retry the original command to which the server responded with
    the 480 response. The command should then be processed by
    the server normally. If the combination is not valid, the server
    will return a 502 response.

    Clients must provide authentication when requested by the server.
    It is possible that some implementations will accept authentication
    information at the beginning of a session, but this was not the
    original intent of the specification. If a client attempts to
    reauthenticate, the server may return 482 response indicating
    that the new authentication data is rejected by the server.
    The 482 code will also be returned when the AUTHINFO commands
    are not entered in the correct sequence (like two AUTHINFO
    USERs in a row, or AUTHINFO PASS preceding AUTHINFO USER).

    All information is passed in cleartext.

    When authentication succeeds, the server will create an email
    address for the client from the user name supplied in the
    AUTHINFO USER command and the hostname generated by a reverse
    lookup on the IP address of the client. If the reverse lookup
    fails, the IP address, represented in dotted-quad format, will
    be used. Once authenticated, the server shall generate a Sender:
    line using the email address provided by authentication if it
    does not match the client-supplied From: line. Additionally,
    the server should log the  event, including the email address
    This will provide a means by which subsequent statistics generation
    can associate newsgroup references with unique entities - not
    necessarily by name. Responses

        281 Authentication accepted
        381 More authentication information required
        480 Authentication required
        482 Authentication rejected
        502 No permission

[Source:"draft-ietf-nntp-imp-02.txt"] [Last Changed:March 1998]
[Copyright: 1998 S. Barber]

NNTP-Ext:[Previous][Up to Table of Contents] [Next]

(Corrections, notes, and links for Usenet RKT.)
by Mib Software, NNTP software and consulting

Note that all RFC977 2.4.3. General Responses may also be received.

Be sure to read NNTP-Ext 6.0 Security Considerations

Overview and Related Topics
Up To: NNTP-Ext 3. Other Extensions
NNTP Command Syntax
NNTP Response Syntax

RKT Rapid-Links:[Search] [RKT Tips] Path:For Developers / NNTProtocol / NNTP-Ext / 3.1 AUTHINFO / 0032.htm

Copyright 1998, Forrest J. Cavalier III
Mib Software, NNTP software and consulting