From owner-freebsd-security Thu Dec 4 08:02:51 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA01882 for security-outgoing; Thu, 4 Dec 1997 08:02:51 -0800 (PST) (envelope-from owner-freebsd-security) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA01868 for ; Thu, 4 Dec 1997 08:02:46 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.8.5/8.8.5) id LAA17027; Thu, 4 Dec 1997 11:02:34 -0500 (EST) Date: Thu, 4 Dec 1997 11:02:34 -0500 (EST) From: Garrett Wollman Message-Id: <199712041602.LAA17027@khavrinen.lcs.mit.edu> To: "Jordan K. Hubbard" Cc: Adam Shostack , robert@cyrus.watson.org, security@FreeBSD.ORG Subject: Re: Possible problem with ftpd 6.00 In-Reply-To: <15222.881232488@time.cdrom.com> References: <199712040810.DAA19509@homeport.org> <15222.881232488@time.cdrom.com> Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk < said: > Which would break the heck out of many traditional FTP clients which > expect every user, be it a legit one or an anonymous one, will result > in a password being requested by the ftpd and they'll probably fail Only if they were written by idiots and within the past ten years. Old TOPS-20 systems never required a password for anonymous access, if I remember aright. (Of course, ITS and WAITS would talk to you without logging in.) An FTP client should be prepared to accept either a 331 ``Send password'' or a 230 ``Login OK'' response after sending any username. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick