Finger User Information Protocol
RFC 1194

Document Type RFC - Draft Standard (November 1990; No errata)
Obsoleted by RFC 1288, RFC 1196
Obsoletes RFC 742
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf htmlized bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 1194 (Draft Standard)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                       D. Zimmerman
Request for Comments: 1194           Center for Discrete Mathematics and
Obsoletes: RFC 742                          Theoretical Computer Science
                                                           November 1990

                  The Finger User Information Protocol

Status of this Memo

   This memo defines a protocol for the exchange of user information.
   This RFC specifies an IAB standards track protocol for the Internet
   community, and requests discussion and suggestions for improvements.
   Please refer to the current edition of the "IAB Official Protocol
   Standards" for the standardization state and status of this protocol.
   Distribution of this memo is unlimited.

Abstract

   This memo describes the Finger User Information Protocol.  This is a
   simple protocol which provides an interface to a remote user
   information program.

   Based on RFC 742, a description of the original Finger protocol, this
   memo attempts to clarify the expected communication between the two
   ends of a Finger connection.  It also tries not to invalidate the
   many existing implementations or add unnecessary restrictions to the
   original protocol definition.

Table of Contents

1.      Introduction  ...........................................   2
  1.1.    Intent  ...............................................   2
  1.2.    History  ..............................................   3
  1.3.    Requirements  .........................................   3
2.      Use of the protocol  ....................................   3
  2.1.    Flow of events  .......................................   3
  2.2.    Data format  ..........................................   4
  2.3.    Query specifications  .................................   4
  2.4.    RUIP {Q2} behavior  ...................................   4
  2.5.    Expected RUIP response  ...............................   5
    2.5.1.  {C} query  ..........................................   5
    2.5.2.  {U}{C} query  .......................................   6
    2.5.3.  {U} ambiguity  ......................................   6
    2.5.4.  /W query token  .....................................   6
    2.5.5.  Vending machines  ...................................   7
3.      Security  ...............................................   7
  3.1.    Implementation security  ..............................   7

Zimmerman                                                       [Page 1]
RFC 1194                         Finger                    November 1990

  3.2.    RUIP security  ........................................   7
    3.2.1.  {Q2} refusal  .......................................   7
    3.2.2.  {C} refusal  ........................................   8
    3.2.3.  Atomic discharge  ...................................   8
    3.2.4.  User information files  .............................   8
    3.2.5.  Execution of user programs  .........................   9
    3.2.6.  {U} ambiguity  ......................................   9
    3.2.7.  Audit trails  .......................................   9
  3.3.    Client security  ......................................   9
4.      Examples  ...............................................  10
  4.1.    Example with a null command line ({C})  ...............  10
  4.2.    Example with name specified ({U}{C})  .................  10
  4.3.    Example with ambiguous name specified ({U}{C})  .......  11
  4.4.    Example of query type {Q2} ({U}{H}{H}{C})  ............  11
5.      Acknowledgments  ........................................  12
6.      Security Considerations  ................................  12
7.      Author's Address  .......................................  12

1.  Introduction

1.1.  Intent

   This memo describes the Finger User Information Protocol.  This is a
   simple protocol which provides an interface to a remote user
   information program (RUIP).

   Based on RFC 742, a description of the original Finger protocol, this
   memo attempts to clarify the expected communication between the two
   ends of a Finger connection.  It also tries not to invalidate the
   many current implementations or add unnecessary restrictions to the
   original protocol definition.

   The most prevalent implementations of Finger today seem to be
   primarily derived from the BSD UNIX work at the University of
   California, Berkeley.  Thus, this memo is based around the BSD
   version's behavior.

   However, the BSD version provides few options to tailor the Finger
   RUIP for a particular site's security policy, or to protect the user
   from dangerous data.  Furthermore, there are MANY potential security
   holes that implementors and administrators need to be aware of,
   particularly since the purpose of this protocol is to return
   information about a system's users, a sensitive issue at best.
   Therefore, this memo makes a number of important security comments
Show full document text