cam@columbia-pdn (Chris Markle acc_gnsc) (09/04/87)
Folks,
A number of people have quickly pointed out to me that section 5.4
"Sequencing of Commands and Replies" in RFC 959 specifically states the
responses that are valid after a PASS command, and guess what, 331 is
not one of them.
So, if the password specified on the PASS command has expired we will do the
following:
1) send a "530 passwd expired; retry with passwd/newpasswd"
2) extend the syntax for the PASS text to allow specification of a new passwd
PASS passwd[/newpasswd] [GROUP(xxx)]
(GROUP is another piece of user id the user may want to specify in a usual
MVS security environment)
3) while we're at it, extend the syntax of the USER command also
USER userid[/passwd[/newpasswd]] [GROUP(xxx)]
This will screw up 4.x users who use .netrc files to allow auto-login
when 4.x client FTP connects to a remote host, in the case where the passwd
has expired, but that's life in the big (BLUE) city!
Chris Markle - cam@acc-sb-unix.arpa - (301)290-8100STJOHNS@SRI-NIC.ARPA (09/05/87)
No, no, no!!! DO NOT extend the meaning of the USER command or for that matter that of the PASS command. They have very specific meanings. Instead, create your own extension commands "XCPW" and "XGRP". These can be specified via the "quote" command that is supposed to be part of all FTP implementations. This is within the scope of the standard. Please, be sensible - standards are there for a reason, interoperability. Mike