[Bug 1922] New: Disabling ChallengeResponseAuthentication also disables KbdInteractiveAuthentication
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun Jul 31 06:18:23 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1922
Bug #: 1922
Summary: Disabling ChallengeResponseAuthentication also
disables KbdInteractiveAuthentication
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: maxb at f2s.com
I was chasing some unexpected behaviour from OpenSSH, and have come
across an oddity in the source code which feels like a bug.
In auth2-kbdint.c, the Authmethod struct declares
options.kbd_interactive_authentication as the enabled flag for this
method. However in the implementation function a few lines above, it
checks options.challenge_response_authentication to decide whether to
actually proceed with the authentication.
This results in the behaviour of "ChallengeResponseAuthentication no"
also disabling keyboard-interactive authentication, even if
"KbdInteractiveAuthentication yes" is specified.
(Also, the KbdInteractiveAuthentication option isn't explicitly
documented in the manpages, so I'm unsure if it's actually intended to
be used or not.)
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list