adamm@necis.UUCP (Adam S. Moskowitz) (07/26/90)
I recently bumped into a known "situation" that I consider to be a short- coming if not a bug in ftp. I have several machines on a private network used exclusively for testing. Since they're just test machines, we don't bother with passwords. However, ftp doesn't grok null passwords. It seems to me that with a /etc/passwd entry such as "adamm::5006:. . ." ftp shouldn't even ask for a password. Since it does, it should be smart enough to recognize the null password the user gives. Before I go hacking on the code, is there any reason ftp (or ftpd as the case may be) shouldn't be changed to (correctly) deal with null passwords? Assuming the answer is no . . . I've browsed through the source code and found comments about strcmp having problems dealing with null passwords. Should I re-write as needed to make this work, or would it be better to hack ftpd to not require a password where none exists? Sorry if this has been hashed out before - my net.memory doesn't go back that far. Also, as usual, replies by email to the address below and I'll summarize (with code changes if appropriate). Thanx. AdamM -- "OSI: Same day delivery in a nanosecond world." | Adam S. Moskowitz | adamm@necis.nec.com | ...!uunet!harvard!\ Van Jacobson (on a T-shirt) | necntc!necis!adamm
jeff@onion.pdx.com (Jeff Beadles) (07/31/90)
In article <EMV.90Jul26234412@urania.math.lsa.umich.edu> emv@math.lsa.umich.edu (Edward Vielmetti) writes: :>In article <1364@necis.UUCP> adamm@necis.UUCP (Adam S. Moskowitz) writes: :> :> I have several machines on a private network used exclusively for :> testing. Since they're just test machines, we don't bother with :> passwords. However, ftp doesn't grok null passwords. It seems to me :> that with a /etc/passwd entry such as "adamm::5006:. . ." ftp :> shouldn't even ask for a password. Since it does, it should be :> smart enough to recognize the null password the user gives. :> :>I think what you mean is not "null password" but "no password required". :>Or perhaps "any password acceptable". :> :>Looking at RFC 959 (FTP) for clues, which you should do, it appears :>that according to the protocol the dialog should look like :> :> USER adamm :> 230 User logged in, proceed. :> :>rather than :> :> USER adamm<CRLF> :> 331 User name okay, need password. :> PASS <CRLF> :> 230 User logged in, proceed. :> :>cause it looks from the grammar in section 5.3.2 that a password :>is a "string" of length at least 1. :> :>--Ed :> :>Edward Vielmetti, U of Michigan math dept <emv@math.lsa.umich.edu> :>comp.archives moderator In all implimentions of ftpd that I've seen, they go out of their way to block no-password ftp attempts. Why, I'm not sure. -Jeff -- Jeff Beadles jeff@onion.pdx.com