Network News Transfer Protocol (NNTP) Extension for Authentication
RFC 4643

Document Type: RFC - Proposed Standard (October 2006; Errata)
Updates: RFC 2980
Last updated: 2013-03-02
Stream: IETF
WG state: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG state: RFC 4643 (Proposed Standard)
Responsible AD: Scott Hollenbeck
Send notices to: ned.freed@mrochek.com, rra@stanford.edu
Network Working Group                                         J. Vinocur
Request for Comments: 4643                            Cornell University
Updates: 2980                                               K. Murchison
Category: Standards Track                     Carnegie Mellon University
                                                            October 2006

                 Network News Transfer Protocol (NNTP)
                      Extension for Authentication

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document defines an extension to the Network News Transfer
   Protocol (NNTP) that allows a client to indicate an authentication
   mechanism to the server, to perform an authentication protocol
   exchange, and optionally to negotiate a security layer for subsequent
   protocol interactions during the remainder of an NNTP session.

   This document updates and formalizes the AUTHINFO USER/PASS
   authentication method specified in RFC 2980 and deprecates the
   AUTHINFO SIMPLE and AUTHINFO GENERIC authentication methods.
   Additionally, this document defines a profile of the Simple
   Authentication and Security Layer (SASL) for NNTP.

Vinocur, et al.             Standards Track                     [Page 1]
RFC 4643                  NNTP Authentication               October 2006

Table of Contents

   1. Introduction .............................................  3
      1.1. Conventions Used in This Document ...................  3
   2. The AUTHINFO Extension ...................................  4
      2.1. Advertising the AUTHINFO Extension ..................  4
      2.2. Authenticating with the AUTHINFO Extension ..........  5
      2.3. AUTHINFO USER/PASS Command ..........................  6
           2.3.1. Usage ........................................  7
           2.3.2. Description ..................................  7
           2.3.3. Examples .....................................  9
      2.4. AUTHINFO SASL Command ...............................  9
           2.4.1. Usage ........................................ 10
           2.4.2. Description .................................. 11
           2.4.3. Examples ..................................... 14
   3. Augmented BNF Syntax for the AUTHINFO Extension .......... 16
      3.1. Commands ............................................ 16
      3.2. Command Continuation ................................ 17
      3.3. Responses ........................................... 17
      3.4. Capability Entries .................................. 17
      3.5. General Non-terminals ............................... 18
   4. Summary of Response Codes ................................ 18
   5. Authentication Tracking/Logging .......................... 18
   6. Security Considerations .................................. 19
   7. IANA Considerations ...................................... 20
      7.1. IANA Considerations for SASL/GSSAPI Services ........ 20
      7.2. IANA Considerations for NNTP Extensions ............. 20
   8. Acknowledgements ......................................... 21
   9. References ............................................... 22
      9.1. Normative References ................................ 22
      9.2. Informative References .............................. 22


1.  Introduction

   Although NNTP [NNTP] has traditionally been used to provide public
   access to newsgroups, authentication is often useful for several
   purposes; for example, to control resource consumption, to allow
   abusers of the POST command to be identified, and to restrict access
   to "local" newsgroups.

   The ad-hoc AUTHINFO USER and AUTHINFO PASS commands, documented in
   [NNTP-COMMON], provide a very weak authentication mechanism in
   widespread use by the installed base.  Due to their ubiquity, they
   are formalized in this specification but (because of their
   insecurity) only for use in combination with appropriate security
   layers.

   The ad hoc AUTHINFO GENERIC command, also documented in [NNTP-COMMON]
   but much less ubiquitous, provided an NNTP-specific equivalent of the
   generic SASL [SASL] facility.  This document deprecates AUTHINFO