[comp.protocols.tcp-ip] Anonymous FTP

nelson@sun.soe.clarkson.edu (Russ Nelson) (12/21/89)

If your system allows anonymous FTP, then it should map an unknown userid
into the one used for anonymous FTP.  The effect of this is that users
who cannot spell anonymoose still get logged in as anonymous.

Perhaps this idea is obvious to everyone else, and they discarded it
for one reason or another.  It wasn't obvious to me, and I thought it
was a good idea.  So I hacked it into KA9Q's NOS and it's running on
grape.ecs.clarkson.edu.
--
--russ (nelson@clutx [.bitnet | .clarkson.edu])  Russ.Nelson@$315.268.6667
Live up to the light thou hast, and more will be granted thee.
A recession now appears more than 2 years away -- John D. Mathon, 4 Oct 1989.
I think killing is value-neutral in and of itself. -- Gary Strand, 8 Nov 1989.
Liberals run this country, by and large. -- Clayton Cramer, 20 Nov 1989.
Shut up and mind your Canadian business, you meddlesome foreigner. -- TK, 23 N.

LARSON@CRVAX.SRI.COM (Alan Larson) (12/21/89)

--> If your system allows anonymous FTP, then it should map an unknown userid
--> into the one used for anonymous FTP.  The effect of this is that users
--> who cannot spell anonymoose still get logged in as anonymous.
--> 
--> Perhaps this idea is obvious to everyone else, and they discarded it
--> for one reason or another.  It wasn't obvious to me, and I thought it
--> was a good idea.  So I hacked it into KA9Q's NOS and it's running on
--> grape.ecs.clarkson.edu.

  This has the problem that it will map errors in logins to other
accounts to anonymous.    Why should we map 'larfson' into 'anonymous'
when I mistype my name while logging in?  I will wind up with successful
status, but will not be connected to where I thought I was.

  The curmudgeon in me suggests:  Why don't we just request that people
learn to spell, or has that gone out of favor since I went to school?

	Alan
-------

a20@nikhefh.nikhef.nl (Marten Terpstra) (12/21/89)

In article <NELSON.89Dec20233752@image.clarkson.edu> nelson@clutx.clarkson.edu writes:
>If your system allows anonymous FTP, then it should map an unknown userid
>into the one used for anonymous FTP.  The effect of this is that users
>who cannot spell anonymoose still get logged in as anonymous.
>

As you may know most FTP servers also accept userid ftp as the anonymous
userid. Since ftp isn't too hard to spell, this solves your problem.

__
Marten Terpstra                                  National Institute for Nuclear
Internet : terpstra@nikhef.nl 		                and High Energy Physics
Oldie-net: {....}mcsun!nikhefh!terpstra	      (NIKHEF-H), PO Box 41882, 1009 DB
Bitnet   : terpstra%nikhef.nl@hasara5.bitnet         Amsterdam, The Netherlands

nelson@sun.soe.clarkson.edu (Russ Nelson) (12/21/89)

In article <630229363.780000.LARSON@CRVAX.SRI.COM> LARSON@CRVAX.SRI.COM (Alan Larson) writes:

   --> If your system allows anonymous FTP, then it should map an
   --> unknown userid into the one used for anonymous FTP.  The effect
   --> of this is that users who cannot spell anonymoose still get
   --> logged in as anonymous.
   --> 
   --> Perhaps this idea is obvious to everyone else, and they discarded it
   --> for one reason or another.  It wasn't obvious to me, and I thought it
   --> was a good idea.  So I hacked it into KA9Q's NOS and it's running on
   --> grape.ecs.clarkson.edu.

     This has the problem that it will map errors in logins to other
   accounts to anonymous.    Why should we map 'larfson' into 'anonymous'
   when I mistype my name while logging in?  I will wind up with successful
   status, but will not be connected to where I thought I was.

This is a reasonable objection.  I think it could be solved by requesting
the password saying something like: "Userid foobar not recognized, mapping
it to anonymous".

     The curmudgeon in me suggests:  Why don't we just request that people
   learn to spell, or has that gone out of favor since I went to school?

I implemented this because my boss told me to make anonymous ftp as
easy as possible.  He says: "I want people who know nothing about ftp
to be able to get on with no other instructions than 'ftp to
grape.ecs.clarkson.edu'".

Whatever happened to the dictum "be liberal in what you accept, conservative
in what you generate"?
--
--russ (nelson@clutx [.bitnet | .clarkson.edu])  Russ.Nelson@$315.268.6667

donp@na.excelan.com (don provan) (12/22/89)

>I implemented this because my boss told me to make anonymous ftp as
>easy as possible.  He says: "I want people who know nothing about ftp
>to be able to get on with no other instructions than 'ftp to
>grape.ecs.clarkson.edu'".

Actually, there's nothing in FTP that requires any login at all.  The
first FTP server i had to deal with would do an implicit "anonymous"
login when needed if no "USER" command was given.  I've never quite
figured out why the famous "anonymous" login was adopted but the much
simpler implicit login is never implemented.

>Whatever happened to the dictum "be liberal in what you accept, conservative
>in what you generate"?

This dictum applies to protocol implementations, not user interfaces.
A misbehaving peer will probably continue to misbehave indefinitely.
A mistaken user is capable of correcting her mistakes.

						don provan
						donp@excelan.com
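
The login policies argued over in the posts above, as an added example that is not code from any poster or from KA9Q NOS: unknown-userid mapping with and without the announcement in the 331 reply, and implicit anonymous login when no USER is sent. Account names, the password and the reply wording are constructed; the unannounced variant is an assumption used to illustrate the objection, and the reply codes are those of RFC 959.

```python
"""Constructed sketch of USER/PASS handling under the policies in this thread.
Accounts, password and reply wording are made up; reply codes are RFC 959's."""
import hmac
ANON_NAMES = {"anonymous", "ftp"}
ACCOUNTS = {"larson": "correct-horse"}      # constructed local account

class FtpLogin:
    def __init__(self, map_unknown=False, announce=True, implicit_anon=False):
        self.map_unknown = map_unknown      # unknown userid becomes anonymous
        self.announce = announce            # ...and the 331 reply says so
        self.implicit_anon = implicit_anon  # RETR without USER logs in as anonymous
        self.pending = None                 # account waiting for PASS
        self.account = None                 # account actually logged in

    def command(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            return self._user(arg)
        if verb == "PASS":
            return self._pass(arg)
        if verb == "RETR":
            if self.account is None and self.implicit_anon:
                self.account = "anonymous"
            if self.account is None:
                return "530 Please login with USER and PASS."
            return f"150 Opening data connection for {arg}."
        return "502 Command not implemented."

    def _user(self, name):
        self.account, key = None, name.lower()
        if key in ANON_NAMES:
            self.pending = "anonymous"
            return "331 Guest login ok, send ident as password."
        if key in ACCOUNTS or not self.map_unknown:
            # Strict mode: unknown names get the same 331 and fail at PASS.
            self.pending = key if key in ACCOUNTS else None
            return f"331 Password required for {name}."
        self.pending = "anonymous"
        if self.announce:
            return f"331 Userid {name} not recognized, mapping it to anonymous."
        return f"331 Password required for {name}."

    def _pass(self, password):
        acct, self.pending = self.pending, None
        if acct == "anonymous" or (acct and hmac.compare_digest(ACCOUNTS[acct], password)):
            self.account = acct
            return "230 User logged in, proceed."
        return "530 Login incorrect."
```

With `announce=False`, the mistyped `larfson` gets the same 331 and 230 replies as a real login while the session is anonymous, and the real password has been sent for a guest login.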

mrc@Tomobiki-Cho.CAC.Washington.EDU (Mark Crispin) (12/22/89)

In article <909@excelan.COM> donp@na.excelan.com (don provan) writes:
>Actually, there's nothing in FTP that requires any login at all.  The
>first FTP server i had to deal with would do an implicit "anonymous"
>login when needed if no "USER" command was given.

Ah, fond memories of ITS!  Actually, that winning feature was also put
in the good version of Tenex/TOPS-20 NCP-based FTP server, but it
never made it into the TCP FTP server.

>I've never quite
>figured out why the famous "anonymous" login was adopted but the much
>simpler implicit login is never implemented.

I think it's history.  On Tenex (the first OS that had ANONYMOUS
login), the server did a real LOGIN system call.  To do this, there
had to be such a login directory as <ANONYMOUS>, and the FTP server
had to be able to discover <ANONYMOUS>'s password (never mind if you don't
know how this was done; you probably shouldn't know!).  If these
weren't true, then no ANONYMOUS login was possible.

The Tenex (and later TOPS-20) FTP server did no file access checks; it
assumed that the operating system would do all that, based on the
access rights that the particular user had.  So, it was important to
log in *before* any files were accessed.

The objection to an automatic login as ANONYMOUS was that once you
logged in, you were stuck with that.  If you wanted superior access
rights, you had to quit your FTP connection, re-connect, and log in
all over again.  No one wanted to implement "re-login", with all the
possible security loopholes that implied, just for the convenience of
the FTP server.

When auto-login was implemented in the NCP FTP server (I forget if it
was Ken Harrenstein or I who did it), some people continued to object
on this basis, even when it was pointed out that a retrieve without a
login would just have been an error before.  I guess it was religious.

As for the Unix FTP server, I'm sure it's just a combination of
inertia and copying aspects of a design that are irrelevant on Unix.

Mark Crispin / 6158 Lariat Loop NE / Bainbridge Island, WA 98110-2098
mrc@CAC.Washington.EDU -- MRC@PANDA.PANDA.COM -- (206) 842-2385
Atheist & Proud -- R90/6 pilot -- Lum-chan ga suki ja!!!
tabesaserarenakerebanaranakattarashii...kisha no kisha ga kisha de kisha-shita
sumomo mo momo, momo mo momo, momo ni mo iroiro aru
uraniwa ni wa niwa, niwa ni wa niwa niwatori ga iru

MAP@LCS.MIT.EDU (Michael A. Patton) (12/23/89)

   Date: 21 Dec 89 21:43:41 GMT
   From: milton!blake!Tomobiki-Cho!mrc@beaver.cs.washington.edu  (Mark Crispin)

   In article <909@excelan.COM> donp@na.excelan.com (don provan) writes:
   >Actually, there's nothing in FTP that requires any login at all.  The
   >first FTP server i had to deal with would do an implicit "anonymous"
   >login when needed if no "USER" command was given.

   Ah, fond memories of ITS!  Actually, that winning feature was also put
   in the good version of Tenex/TOPS-20 NCP-based FTP server, but it
   never made it into the TCP FTP server.

This brings up one of my pet peeves about many current FTP client
implementations.  Several of the machines I FTP to do not require a
login for anonymous access, but the clients typically make me log in
anyway.  In fact, I had to specially hack one of the servers to ignore
a login request for anonymous which would otherwise be an invalid
name.  This was to fake the clients into believing the login had
succeeded so they would let me transfer files.

Please, if you are implementing an FTP client, allow for the case of
the remote machine having an open access policy, not needing any
login.  Don't restrict access by insisting on login even when it's not
needed (and may not be possible).

	    __
  /|  /|  /|  \		Michael A. Patton, Network Manager
 / | / | /_|__/		Laboratory for Computer Science
/  |/  |/  |atton	Massachusetts Institute of Technology

Disclaimer: The opinions expressed above are a figment of the phosphor
on your screen and do not represent the views of MIT, LCS, or MAP. :-)

bzs@world.std.com (Barry Shein) (12/27/89)

There is a good reason to use the anonymous login name (under unix or
other OS's), it lets a sysadmin turn this on and off using familiar
tools (i.e. disable the account or don't set it up and you don't have
anonymous login.) One could invent yet another whistle (they're there
already, play with inetd.conf etc., or is that /etc/inetd.conf?) but
this is intuitively obvious and quick.

Considering the rash of holes found a while back in anonymous FTP's I
assume this was used and useful (adding/deleting a password for the
anon acct is a fine on/off mechanism.) I will do this sort of thing just
because I'm rearranging files drastically or want to back-up the disk.

I have nothing against versions which loosen these conditions, but
it's not entirely vestigial and nice to use a known facility to
control something rather than inventing yet another administrative
sub-system.

Anyhow, this is all art, not science.

        -Barry Shein

Software Tool & Die, Purveyors to the Trade         | bzs@world.std.com
1330 Beacon St, Brookline, MA 02146, (617) 739-0202 | {xylogics,uunet}world!bzs