Finger User Information Protocol
RFC 1194
Document | Type |
RFC - Draft Standard
(November 1990; No errata)
Obsoletes RFC 742
|
|
---|---|---|---|
Last updated | 2013-03-02 | ||
Stream | Legacy | ||
Formats | plain text pdf htmlized bibtex | ||
Stream | Legacy state | (None) | |
Consensus Boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | RFC 1194 (Draft Standard) | |
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group D. Zimmerman Request for Comments: 1194 Center for Discrete Mathematics and Obsoletes: RFC 742 Theoretical Computer Science November 1990 The Finger User Information Protocol Status of this Memo This memo defines a protocol for the exchange of user information. This RFC specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo describes the Finger User Information Protocol. This is a simple protocol which provides an interface to a remote user information program. Based on RFC 742, a description of the original Finger protocol, this memo attempts to clarify the expected communication between the two ends of a Finger connection. It also tries not to invalidate the many existing implementations or add unnecessary restrictions to the original protocol definition. Table of Contents 1. Introduction ........................................... 2 1.1. Intent ............................................... 2 1.2. History .............................................. 3 1.3. Requirements ......................................... 3 2. Use of the protocol .................................... 3 2.1. Flow of events ....................................... 3 2.2. Data format .......................................... 4 2.3. Query specifications ................................. 4 2.4. RUIP {Q2} behavior ................................... 4 2.5. Expected RUIP response ............................... 5 2.5.1. {C} query .......................................... 5 2.5.2. {U}{C} query ....................................... 6 2.5.3. {U} ambiguity ...................................... 6 2.5.4. /W query token ..................................... 6 2.5.5. Vending machines ................................... 7 3. Security ............................................... 7 3.1. Implementation security .............................. 7 Zimmerman [Page 1] RFC 1194 Finger November 1990 3.2. RUIP security ........................................ 7 3.2.1. {Q2} refusal ....................................... 7 3.2.2. {C} refusal ........................................ 8 3.2.3. Atomic discharge ................................... 8 3.2.4. User information files ............................. 8 3.2.5. Execution of user programs ......................... 9 3.2.6. {U} ambiguity ...................................... 9 3.2.7. Audit trails ....................................... 9 3.3. Client security ...................................... 9 4. Examples ............................................... 10 4.1. Example with a null command line ({C}) ............... 10 4.2. Example with name specified ({U}{C}) ................. 10 4.3. Example with ambiguous name specified ({U}{C}) ....... 11 4.4. Example of query type {Q2} ({U}{H}{H}{C}) ............ 11 5. Acknowledgments ........................................ 12 6. Security Considerations ................................ 12 7. Author's Address ....................................... 12 1. Introduction 1.1. Intent This memo describes the Finger User Information Protocol. This is a simple protocol which provides an interface to a remote user information program (RUIP). Based on RFC 742, a description of the original Finger protocol, this memo attempts to clarify the expected communication between the two ends of a Finger connection. It also tries not to invalidate the many current implementations or add unnecessary restrictions to the original protocol definition. The most prevalent implementations of Finger today seem to be primarily derived from the BSD UNIX work at the University of California, Berkeley. Thus, this memo is based around the BSD version's behavior. However, the BSD version provides few options to tailor the Finger RUIP for a particular site's security policy, or to protect the user from dangerous data. Furthermore, there are MANY potential security holes that implementors and administrators need to be aware of, particularly since the purpose of this protocol is to return information about a system's users, a sensitive issue at best. Therefore, this memo makes a number of important security commentsShow full document text