Here is how NNTP V1.5.9 & .10 seem to do authorization:

ANY command can get an error of ERR_NOAUTH (480).  It turns out that only
POST and IHAVE do this in the current version, but the code supports having
any command cause this.

If you get ERR_NOAUTH, you must respond with

authinfo user username

The reply will be either NEED_AUTHDATA (381) or some other error (typically
wither ERR_AUTHREJ (482), indicating that it's already been done, or
ERR_COMMAND).

You reply to this with

authinfo pass password

The reply will be either OK_AUTH (281) or ERR_ACCESS (502), depending
on whether it's OK or not.  

SO: the sequence is:

client trys some command
480 Need authorization
authinfo user foo
381 Need more
authinfo pass bar
281 OK, authorized		or	502 You blew it

If you try to do an authinfo at some random time, you could get:

482 ERR_AUTHREJ 

indicating that you did it at the wrong time, that the order (user/pass)
is wrong, etc.)