Opened 5 years ago
#5313 enhancement new
Provide alternative for (and deprecate) twistd ftp --userAnonymous
|Reported by:||Ying Li||Owned by:|
Originally part of #4752
It would be nice if --userAnonymous could also be eliminated, with the determination about whether a user is anonymous delegated to the credentials checker. However, it appears as though the server wants to return "331.2" instead of "331.1" when an anonymous login is being attempted, which requires the server to know if it is going to be an anonymous login before the "password" is sent (hence before the login is attempted).
Perhaps we can get rid of --userAnonymous.
After FTP receives the username, it can log in to the portal with UsernamePassword(username, ""). If this succeeds, the server can proceed to prompt for the "password" (ie, email address) and log it or whatever. If it fails, the server can prompt for the password and re-try login with UsernamePassword(username, password).
This would let an IUsernamePassword credentials checker decide which username corresponds to the anonymous user and return ANONYMOUS when it sees a login attempt for that username. If the realm also allows anonymous users, this would succeed with a usable avatar.