Re: Multiple 331 passwd responses in FTP protocol

Chris Markle acc_gnsc (cam@columbia-pdn)
Fri, 4 Sep 87 16:59:07 EDT


A number of people have quickly pointed out to me that section 5.4
"Sequencing of Commands and Replies" in RFC 959 specifically states the
responses that are valid after a PASS command, and guess what, 331 is
not one of them.

So, if the password specified on the PASS command has expired we will do the

1) send a "530 passwd expired; retry with passwd/newpasswd"

2) extend the syntax for the PASS text to allow specification of a new passwd

        PASS passwd[/newpasswd] [GROUP(xxx)]

   (GROUP is another piece of user id the user may want to specify in a usual
    MVS security environment)

3) while we're at it, extend the syntax of the USER command also

        USER userid[/passwd[/newpasswd]] [GROUP(xxx)]

This will screw up 4.x users who use .netrc files to allow auto-login
when 4.x client FTP connects to a remote host, in the case where the passwd
has expired, but that's life in the big (BLUE) city!

Chris Markle - - (301)290-8100

This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:39:15 GMT