From: Adrian Buciuman (no email)
Date: Sat Apr 08 2006 - 06:43:04 EDT
>http://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2792
>------- Additional Comments From murch at andrew dot cmu dot edu 2006-04-07 11:18 ------
>I assume that you want the generic "authentication failure" in both
>cases, correct?
>------- Additional Comments From murch at andrew dot cmu dot edu 2006-04-07 16:07 ------
>Fixed in CVS (2.2 and 2.3). Not returning "user not found" in protocol is now
>the standard behavior.
For me it doesn't really matter. I have two servers, and both are
accessible only from private networks. But if I find something I
believe is odd, I usually report it.
Returning "user not found" may be more useful for troubleshooting.
("Is the password wrong, or is @domain needed after username??")
Publicly accessible sites probably like a generic "authentication failure".
On the other hand, according to RFC 3501 in section 11.2 page 93:
"A server error message for a failing LOGIN command SHOULD NOT specify
that the user name, as opposed to the password, is invalid."
(Why not the same requirement for AUTHENTICATE?)
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
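An added example, not part of the original message and not Cyrus code: one way to satisfy both concerns raised in this thread is to send the generic "authentication failure" over the protocol while recording the specific reason in the server log for troubleshooting. The account store, function names, log format and the success response text are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import os
from typing import Optional

log = logging.getLogger("imapd.auth")  # server-side only, never sent to the client

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

# Constructed sample account store (hypothetical): user -> (salt, hash)
SALT = os.urandom(16)
USERS = {"alice@example.org": (SALT, hash_password("correct horse", SALT))}
# Dummy record so an unknown user costs the same hashing work as a known
# one; otherwise response time would leak what the message text hides.
DUMMY = (os.urandom(16), os.urandom(32))

def check_credentials(user: str, password: str) -> Optional[str]:
    """Return None on success, else the internal failure reason."""
    salt, stored = USERS.get(user, DUMMY)
    match = hmac.compare_digest(hash_password(password, salt), stored)
    if user not in USERS:
        return "user not found"
    return None if match else "wrong password"

def login_response(tag: str, user: str, password: str) -> str:
    """Tagged reply to LOGIN; the failure text is identical in every case."""
    reason = check_credentials(user, password)
    if reason is None:
        return f"{tag} OK User logged in"
    # The administrator still sees why it failed; %r escapes CR/LF in the name.
    log.warning("badlogin: user=%r reason=%s", user, reason)
    return f"{tag} NO authentication failure"

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(login_response("a1", "alice@example.org", "correct horse"))
    print(login_response("a2", "alice@example.org", "guess"))
    print(login_response("a3", "alice", "correct horse"))  # forgot @domain
```

The "is @domain needed?" question from the message is answered by the log line (reason=user not found), not by the reply the client receives.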