Ken Hornstein wrote:
>>If you base64 decode this you'll see that the user name that nmh is
>>sending is "zhangweiwu". So it's not paying attention to the login
>>specified in the .netrc, only to the password.

>yes, it should pay attention to the .netrc file

Sadly the code doesn't do this at all -- the user always comes from
calling getusername(), which only does a passwd file lookup. We
don't call ruserpass() (which is what reads .netrc) until sm_get_pass(),
which will be after we've already sent the wrong username to the
server.

We could fix this by having ruserpass() be called in sm_get_user()
(plus logic to avoid calling it more than once), but I suspect this
would have irritating side-effects if you don't use .netrc (like
going from assuming the local username to prompting for it, and
prompting for a password even if the auth method only demands a
user name). 

So it's not a trivial thing to fix, and perhaps we could do with
some cleanup of this area. For instance, just in playing about with
this, I found bug #23167 -- if your .netrc is world readable then
post segfaults; and it doesn't seem to close the file properly
either. Should ruserpass() call getusername() to get its default
user name?

-- PMM


_______________________________________________
Nmh-workers mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/nmh-workers
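
The ordering and permission problems described in the message above, as an added C example that is not part of the original post and is not nmh code: the user name and password are resolved together before anything would be sent, the local name is kept when `.netrc` has no entry, and a group- or world-accessible file is reported as an error with the handle closed. `netrc_lookup`, `CRED_MAX`, the host names and the sample file contents are hypothetical and constructed for illustration; refusing the file on loose permissions is this example's choice.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define CRED_MAX 64

/* Hypothetical helper, not nmh's ruserpass(). Fills user and pass for host in
 * one pass; user defaults to fallback_user. Returns -1 if the file cannot be
 * opened or has group/other permission bits. macdef and quoting unsupported. */
int netrc_lookup(const char *path, const char *host, const char *fallback_user,
                 char user[CRED_MAX], char pass[CRED_MAX])
{
    struct stat st;
    char key[CRED_MAX], val[CRED_MAX];
    int in_host = 0;
    FILE *fp = fopen(path, "r");
    snprintf(user, CRED_MAX, "%s", fallback_user);
    pass[0] = '\0';
    if (fp == NULL) return -1;
    if (fstat(fileno(fp), &st) != 0 || (st.st_mode & (S_IRWXG | S_IRWXO))) {
        fclose(fp);                 /* refuse, but still close the handle */
        return -1;
    }
    while (fscanf(fp, "%63s", key) == 1) {
        if (strcmp(key, "default") == 0) { in_host = 0; continue; }
        if (fscanf(fp, "%63s", val) != 1) break;
        if (strcmp(key, "machine") == 0)
            in_host = (strcmp(val, host) == 0);
        else if (in_host && strcmp(key, "login") == 0)
            snprintf(user, CRED_MAX, "%s", val);
        else if (in_host && strcmp(key, "password") == 0)
            snprintf(pass, CRED_MAX, "%s", val);
    }
    fclose(fp);
    return 0;
}

int main(void)
{
    char path[] = "/tmp/netrc-demo-XXXXXX", user[CRED_MAX], pass[CRED_MAX];
    int rc, fd = mkstemp(path);     /* constructed sample file, mode 0600 */
    if (fd < 0) return 1;
    dprintf(fd, "machine mail.example.org login alice password s3cret\n");
    close(fd);
    rc = netrc_lookup(path, "mail.example.org", "localuser", user, pass);
    unlink(path);
    return rc != 0 || strcmp(user, "alice") != 0;
}
```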