NNTP authentication problem with Pan...

[Matthew Berg <wdomburg pce net>]

First off, I want to thank e.Messiah for writing Pan.  It truly is a
sight for sore eyes after using Netscape Mail for the past 3 years.  

I would, however, like to share the experience of trying to connect to
my mail server successfully. 

Starting Pan for the first time it prompted for a server, username,
password, as well as a handful of other information.  I simply filled in
the blanks and accepted its offer to download a group of lists.  It was
at this point that I was informed that the server had rejected my
authorization.

Popping over to Netscape, I successfully refreshed my group list.  So of
course I double checked my settings and tried again with no success.  I
went so far as to delete the .panrc file and .pan directory and tried
again with the same results.

At this point, to test, I telneted to port 119 of the server and
attempted to manually send the commands to authenticate:

	200 news.wnysurf.net DNEWS Version 5.0f, S0, posting OK

	>> AUTHINFO USER username 

	381 PASS required

	>> AUTHINFO PASS password 

	502 Authentication error

	>> GROUP comp.os.linux.admin 

	480 User and password still required, authinfo command

Very interesting. Fails authentication with a valid username and
password (obviously not disclosed above), and seems to indicate that it
requires authorization. Yes somehow Netscape manages to connection with
the same exact username and password. 

(Note: The server is using old convention status codes in response. New
convention would replace 381 with 350; 502 with 452; and 480 with 482.)

Just in case other authentication types were supported (possibly
AUTHINFO SIMPLE from the NNTPv2 proposed standard, or AUTHINFO GENERIC
for encrypted password) I tried executing the LIST EXTENSIONS command:

	>> LIST EXTENSIONS

	501 command syntax error (or un-implemented option)

And failing that tries running the alternate AUTHINFO commands with no
parameters.

	>> AUTHINFO GENERIC

	481 bad authinfo param
	
	>> AUTHINFO SIMPLE

	481 bad authinfo param

No luck. The server obviously was only offering the traditional AUTHINFO
commands. At this point, I shut down my server connection and did a bit
of packet sniffing while Netscape was connecting to the server.  To my
suprise, no authorization was offered and the server never asked. I
confirmed this with another quick telnet:

	200 news.wnysurf.net DNEWS Version 5.0f, S0, posting OK 

	>> GROUP comp.os.linux.admin

	211 110 2295 2404 comp.os.linux.admin selected

Funny way to set a server - steadfastly refuse to allow access to
anything if you attempt authorization, but give anything asked for if
you never try. :) I am likely going to talk to NetWin about this and
suggest that if authorization is not required for a resource to ignore
previous authorization attempts.

(As an aside, my ISP restricts access via IP matching, rather than
username/password combos, in case anyone is interested.) 

For the time being, I found it was enough to remove my Pan config files
and conviently skip over the password and username fields (blanking the
fields was unfortunately not enough).

Aside from providing a workaround for anyone who may have come across
this problem, I would like to make a possible change in Pan's NNTP
session code.  Rather than immediately sending AUTHINFO commands at the
beginning of the session, it may be desirable to provide them only when
the server has denied access to a particular resource (i.e. has returned
a 450 or 381 status code.)

My reading on the current draft NNTP specifications did mention that
clients were not intended to offer AUTHINFO unless explicetly asked by
the server. Though it is now in the draft that servers should accept it
if offered, it was not in the origional drafts and may cause issues with
other server implementations that have not updated to the current
recommendations.	

Sorry if this was a bit long-winded, but hopefully at least one person
will find it of use and save themselves the research I had to do.

Galt

(P.S. The number one item on my wishlist of yet-to-be-implemented
features in Pan is the ability to open attachments based on MIME type
from within Pan.  Preferably using the Gnome MIME repository. :)