[Bug 2309] change default PreferredAuthentications order
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Nov 8 12:40:55 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2309
Christoph Anton Mitterer <calestyo at scientia.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |INVALID
--- Comment #1 from Christoph Anton Mitterer <calestyo at scientia.net> ---
Rethinking that again (which I probably should have done more carefully
before) I'll close this as invalid:
Both gssapi-with-mic (and gssapi-keyex) and hostbased won't query the
user.
- If a kerberos ticket is there, it will be used if gasapi-with-mic
comes first and one doesn't need to interact.
- If no kerberos ticket is there, gssapi-with-mic auth will fail
(respectively not tried at all) and ssh will try hostbased auth. Thus
no interaction either.
And then I think it's better to prefer the gssapi-* methods over
anything else, because if forwarding of credentials is enabled then the
user probably wants this, which wouldn't happen if hostbased kicks in
before.
Sorry for the noise O:-)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list