[Bug 2309] change default PreferredAuthentications order

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Nov 8 12:40:55 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2309

Christoph Anton Mitterer <calestyo at scientia.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Rethinking that again (which I probably should have done more carefully
before) I'll close this as invalid:

Both gssapi-with-mic (and gssapi-keyex) and hostbased won't query the
user.

- If a Kerberos ticket is there, it will be used if gssapi-with-mic
comes first and one doesn't need to interact.
- If no Kerberos ticket is there, gssapi-with-mic auth will fail
(or not be tried at all) and ssh will try hostbased auth. Thus
no interaction either.

And then I think it's better to prefer the gssapi-* methods over
anything else, because if forwarding of credentials is enabled then the
user probably wants this, which wouldn't happen if hostbased kicks in
before.


Sorry for the noise O:-)
