Network News Transfer Protocol (NNTP) Extension for Authentication
RFC 4643
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (October 2006; Errata); Updates RFC 2980 |
| Document | Authors | Kenneth Murchison, Jeffrey Vinocur |
| Document | Last updated | 2020-01-21 |
| Document | Stream | IETF |
| Document | Formats | plain text, html, pdf, htmlized, with errata, bibtex |
| Stream | WG state | (None) |
| Stream | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 4643 (Proposed Standard) |
| IESG | Consensus Boilerplate | Unknown |
| IESG | Telechat date | |
| IESG | Responsible AD | Scott Hollenbeck |
| IESG | Send notices to | (None) |

Network Working Group
Request for Comments: 4643
Updates: 2980
Category: Standards Track

J. Vinocur, Cornell University
K. Murchison, Carnegie Mellon University
October 2006

Network News Transfer Protocol (NNTP) Extension for Authentication

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document defines an extension to the Network News Transfer Protocol (NNTP) that allows a client to indicate an authentication mechanism to the server, to perform an authentication protocol exchange, and optionally to negotiate a security layer for subsequent protocol interactions during the remainder of an NNTP session.

This document updates and formalizes the AUTHINFO USER/PASS authentication method specified in RFC 2980 and deprecates the AUTHINFO SIMPLE and AUTHINFO GENERIC authentication methods. Additionally, this document defines a profile of the Simple Authentication and Security Layer (SASL) for NNTP.

Vinocur, et al. Standards Track [Page 1]
RFC 4643 NNTP Authentication October 2006

Table of Contents

1. Introduction
   1.1. Conventions Used in This Document
2. The AUTHINFO Extension
   2.1. Advertising the AUTHINFO Extension
   2.2. Authenticating with the AUTHINFO Extension
   2.3. AUTHINFO USER/PASS Command
      2.3.1. Usage
      2.3.2. Description
      2.3.3. Examples
   2.4. AUTHINFO SASL Command
      2.4.1. Usage
      2.4.2. Description
      2.4.3. Examples
3. Augmented BNF Syntax for the AUTHINFO Extension
   3.1. Commands
   3.2. Command Continuation
   3.3. Responses
   3.4. Capability Entries
   3.5. General Non-terminals
4. Summary of Response Codes
5. Authentication Tracking/Logging
6. Security Considerations
7. IANA Considerations
   7.1. IANA Considerations for SASL/GSSAPI Services
   7.2. IANA Considerations for NNTP Extensions
8. Acknowledgements
9. References
   9.1. Normative References
   9.2. Informative References

1. Introduction

Although NNTP [NNTP] has traditionally been used to provide public access to newsgroups, authentication is often useful for several purposes; for example, to control resource consumption, to allow abusers of the POST command to be identified, and to restrict access to "local" newsgroups.

The ad-hoc AUTHINFO USER and AUTHINFO PASS commands, documented in [NNTP-COMMON], provide a very weak authentication mechanism in widespread use by the installed base. Due to their ubiquity, they are formalized in this specification but (because of their insecurity) only for use in combination with appropriate security layers.

The ad hoc AUTHINFO GENERIC command, also documented in [NNTP-COMMON] but much less ubiquitous, provided an NNTP-specific equivalent of the generic SASL [SASL] facility. This document deprecates AUTHINFO GENERIC in favor of an AUTHINFO SASL replacement so that NNTP can benefit from authentication mechanisms developed for other SASL-enabled application protocols, including Simple Mail Transfer Protocol (SMTP) [SMTP-AUTH], Post Office Protocol (POP) [POP-AUTH],