Path: utzoo!attcan!uunet!zephyr.ens.tek.com!uw-beaver!milton!blake!Tomobiki-Cho!mrc From: mrc@Tomobiki-Cho.CAC.Washington.EDU (Mark Crispin) Newsgroups: comp.protocols.tcp-ip Subject: Re: Anonymous FTP Message-ID: <5134@blake.acs.washington.edu> Date: 21 Dec 89 21:43:41 GMT References: <630229363.780000.LARSON@CRVAX.SRI.COM> <909@excelan.COM> Sender: news@blake.acs.washington.edu Organization: Mendou Zaibatsu, Tomobiki-Cho, Butsumetsu-Shi Lines: 46 In article <909@excelan.COM> donp@na.excelan.com (don provan) writes: >Actually, there's nothing in FTP that requires any login at all. The >first FTP server i had to deal with would do an implicit "anonymous" >login when needed if no "USER" command was given. Ah, fond memories of ITS! Actually, that winning feature was also put in the good version of Tenex/TOPS-20 NCP-based FTP server, but it never made it into the TCP FTP server. >I've never quiteb >figured out why the famous "anonymous" login was adopted but the much >simpler implicit login is never implemented. I think it's history. On Tenex (the first OS that had ANONYMOUS login), the server did a real LOGIN system call. To do this, there had to be such a login directory as , and the FTP server had to be able to discover 's password (never mind if don't know how this was done; you probably shouldn't know!). If these weren't true, then no ANONYMOUS login was possible. The Tenex (and later TOPS-20) FTP server did no file access checks; it assumed that the operating system would do all that, based on the access rights that the particular user had. So, it was important to log in *before* any files were accessed. The objection to an automatic login as ANONYMOUS was that once you logged in, you were stuck with that. If you wanted superior access rights, you had to quit your FTP connection, re-connect, and log in all over again. No one wanted to implement "re-login", with all the possible security loopholes that implied, just for the convenience of the FTP server. When auto-login was implemented in the NCP FTP server (I forget if it was Ken Harrenstein or I who did it), some people continued to object on this basis, even when it was pointed out that a retrieve without a login would just have been an error before. I guess it was religious. As for the Unix FTP server, I'm sure it's just a combination of inertia and copying aspects of a design that are irrelevant on Unix. Mark Crispin / 6158 Lariat Loop NE / Bainbridge Island, WA 98110-2098 mrc@CAC.Washington.EDU -- MRC@PANDA.PANDA.COM -- (206) 842-2385 Atheist & Proud -- R90/6 pilot -- Lum-chan ga suki ja!!! tabesaserarenakerebanaranakattarashii...kisha no kisha ga kisha de kisha-shita sumomo mo momo, momo mo momo, momo ni mo iroiro aru uraniwa ni wa niwa, niwa ni wa niwa niwatori ga iru