| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
NNTP Command Extensions (Page 4 of 4) Other NNTP Extensions The last extension group is the other extensions, miscellaneous ones not strictly related to either inter-server or client-server NNTP interaction. There are two commands in this group: AUTHINFO and DATE. The latter is a simple command that causes the server to tell the client its current date and time. AUTHINFO is more interesting: it is used by a client to provide authentication data to a server. You may have noticed that there are no commands related to security described in the RFC 977 protocol. That's because the original NNTP had no security features whatsoever. Like many protocols written before the modern Internet era, security was not considered a big issue back in the early 1980s. Most news servers were used only by people within the organization owning the server, and simple security measures were used, such as restricting access to servers by IP address or through the use of access lists. One of the more important changes made by many NNTP software implementation as soon as Usenet grew in size was to require authentication. Modern clients will usually issue AUTHINFO as one of its first commands upon establishing a connection to a server, because the server will refuse to accept most other commands before this is done. A special reply code is also added to NNTP for a server to use if it rejects a command due to improper authentication. The AUTHINFO command can be invoked in several different ways. The original version of the command required the client to issue an AUTHINFO USER command with a user name, followed by AUTHINFO PASS with a password. Naturally, this is simple user/password login authentication. A variation of this is the AUTHINFO SIMPLE command, where the client needs to send just a password. A client and server can also agree to use more sophisticated authentication methods by making use of the AUTHINFO GENERIC command. The client provides to the server the name of the authentication method it wants to use, along with any arguments required for authentication. The client and server then exchange messages and authentication information as required by the particular authenticator they are using.
Home - Table Of Contents - Contact Us The TCP/IP Guide (http://www.TCPIPGuide.com) Version 3.0 - Version Date: September 20, 2005 © Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site. |