I personally think adding the new interface is much cleaner and guarantees backward compatibility.

Sai Pullabhotla

On Tue, Apr 19, 2011 at 4:48 PM, Niklas Gustavsson <[email protected]> wrote:
> On Tue, Apr 19, 2011 at 6:27 PM, Sai Pullabhotla
> <[email protected]> wrote:
>> Just wanted to address the comment made by Niklas that a password
>> should always be required:
>>
>> Just reading back the RFC 4217, and found this:
>>
>> Note 2: The PASS command might not be required at all (if the USER
>> parameter and any client identity presented provide sufficient
>> authentication). The server would indicate this by issuing a '232'
>> reply to the USER command instead of the '331', which requests a PASS
>> from the client (see below).
>>
>> So, it looks like we now do have a standard.
>
> Good find! I still haven't gotten around to reviewing the patch, but
> having this spec makes me think we can include this in 1.1.x. For
> 1.1.x we need to maintain backwards compatibility. Perhaps if on
> calling authenticate on USER, if it throws FtpException (and not
> AuthenticationFailedException) or a RuntimeException, we treat that as
> authentication not supported and requires PASS. Or, we need a new
> interfaces.
>
> /niklas
>
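
The fallback discussed in this thread, as an added example that is not part of the original messages or of Apache FtpServer: a USER handler that replies 232 only when the authenticator positively accepts the presented client identity, and otherwise asks for PASS with 331. All types here are local stand-ins with hypothetical names, the certificate-to-account mapping is constructed, and the 530 reply on an explicit authentication failure is an assumption, since the thread does not say what that case should return.

```java
import java.util.Map;

// Added illustration: local stand-in types, not Apache FtpServer's classes.
public class UserOnlyAuthDemo {
    static class FtpException extends Exception {
        FtpException(String m) { super(m); }
    }
    static class AuthenticationFailedException extends FtpException {
        AuthenticationFailedException(String m) { super(m); }
    }

    // Hypothetical hook: authenticate from the USER name plus the identity of
    // the client's verified TLS certificate (null when none was presented).
    interface UserOnlyAuthenticator {
        void authenticate(String user, String certIdentity) throws FtpException;
    }

    // Constructed mapping of certificate identities to FTP accounts.
    static final Map<String, String> CERT_TO_USER = Map.of("CN=alice", "alice");

    static final UserOnlyAuthenticator CERT_AUTH = (user, cert) -> {
        if (cert == null) throw new FtpException("no client identity presented");
        if (!user.equals(CERT_TO_USER.get(cert)))
            throw new AuthenticationFailedException("identity does not match USER");
    };

    // Older user manager written before USER-only authentication existed.
    static final UserOnlyAuthenticator LEGACY = (user, cert) -> {
        throw new UnsupportedOperationException("USER-only login not implemented");
    };

    // Reply to USER. Every path except a clean return keeps the session
    // unauthenticated, so an unexpected error can never yield 232.
    static String onUser(UserOnlyAuthenticator auth, String user, String cert) {
        try {
            auth.authenticate(user, cert);
            return "232 User logged in, authorized by security data exchange.";
        } catch (AuthenticationFailedException e) {
            return "530 Not logged in."; // assumption: explicit rejection
        } catch (FtpException | RuntimeException e) {
            return "331 User name okay, need password."; // not supported here
        }
    }

    public static void main(String[] args) {
        System.out.println(onUser(CERT_AUTH, "alice", "CN=alice")); // matching cert
        System.out.println(onUser(CERT_AUTH, "bob", "CN=alice"));   // wrong account
        System.out.println(onUser(CERT_AUTH, "alice", null));       // no cert
        System.out.println(onUser(LEGACY, "alice", "CN=alice"));    // old manager
    }
}
```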
