Finger User Information Protocol
RFC 1196

Document Type RFC - Draft Standard (December 1990; No errata)
Obsoleted by RFC 1288
Obsoletes RFC 742, RFC 1194
Last updated 2013-03-02
Stream Legacy
Formats plain text html pdf htmlized bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 1196 (Draft Standard)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                       D. Zimmerman
Request for Comments: 1196           Center for Discrete Mathematics and
Obsoletes: RFCs 1194, 742                   Theoretical Computer Science
                                                           December 1990

                  The Finger User Information Protocol

Status of this Memo

   This memo defines a protocol for the exchange of user information.
   This RFC specifies an IAB standards track protocol for the Internet
   community, and requests discussion and suggestions for improvements.
   Please refer to the current edition of the "IAB Official Protocol
   Standards" for the standardization state and status of this protocol.
   Distribution of this memo is unlimited.

Abstract

   This memo describes the Finger User Information Protocol.  This is a
   simple protocol which provides an interface to a remote user
   information program.

   Based on RFC 742, a description of the original Finger protocol, this
   memo attempts to clarify the expected communication between the two
   ends of a Finger connection.  It also tries not to invalidate the
   many existing implementations or add unnecessary restrictions to the
   original protocol definition.  This edition corrects and clarifies in
   a minor way, RFC 1194.

Table of Contents

1.      Introduction  ...........................................   2
  1.1.    Intent  ...............................................   2
  1.2.    History  ..............................................   3
  1.3.    Requirements  .........................................   3
2.      Use of the protocol  ....................................   3
  2.1.    Flow of events  .......................................   3
  2.2.    Data format  ..........................................   4
  2.3.    Query specifications  .................................   4
  2.4.    RUIP {Q2} behavior  ...................................   4
  2.5.    Expected RUIP response  ...............................   5
    2.5.1.  {C} query  ..........................................   5
    2.5.2.  {U}{C} query  .......................................   6
    2.5.3.  {U} ambiguity  ......................................   6
    2.5.4.  /W query token  .....................................   6
    2.5.5.  Vending machines  ...................................   7
3.      Security  ...............................................   7

Zimmerman                                                       [Page 1]
RFC 1196                         Finger                    December 1990

  3.1.    Implementation security  ..............................   7
  3.2.    RUIP security  ........................................   7
    3.2.1.  {Q2} refusal  .......................................   7
    3.2.2.  {C} refusal  ........................................   8
    3.2.3.  Atomic discharge  ...................................   8
    3.2.4.  User information files  .............................   8
    3.2.5.  Execution of user programs  .........................   9
    3.2.6.  {U} ambiguity  ......................................   9
    3.2.7.  Audit trails  .......................................   9
  3.3.    Client security  ......................................   9
4.      Examples  ...............................................  10
  4.1.    Example with a null command line ({C})  ...............  10
  4.2.    Example with name specified ({U}{C})  .................  10
  4.3.    Example with ambiguous name specified ({U}{C})  .......  11
  4.4.    Example of query type {Q2} ({U}{H}{H}{C})  ............  11
5.      Acknowledgments  ........................................  12
6.      Security Considerations  ................................  12
7.      Author's Address  .......................................  12

1.  Introduction

1.1.  Intent

   This memo describes the Finger User Information Protocol.  This is a
   simple protocol which provides an interface to a remote user
   information program (RUIP).

   Based on RFC 742, a description of the original Finger protocol, this
   memo attempts to clarify the expected communication between the two
   ends of a Finger connection.  It also tries not to invalidate the
   many current implementations or add unnecessary restrictions to the
   original protocol definition.

   The most prevalent implementations of Finger today seem to be
   primarily derived from the BSD UNIX work at the University of
   California, Berkeley.  Thus, this memo is based around the BSD
   version's behavior.

   However, the BSD version provides few options to tailor the Finger
   RUIP for a particular site's security policy, or to protect the user
   from dangerous data.  Furthermore, there are MANY potential security
   holes that implementors and administrators need to be aware of,
   particularly since the purpose of this protocol is to return
   information about a system's users, a sensitive issue at best.
Show full document text