Updated partial auth patch against CVS
Carson Gaspar
carson at taltos.org
Thu May 3 04:47:28 EST 2001
--On Wednesday, May 02, 2001 11:10 AM -0700 Karl M <karlm30 at hotmail.com>
wrote:
> Hi Carson...
>
> Please help me understand the issues/constraints here. Regarding
>
> Authorder2 publickey,publickey:password
>
> what part of the syntax do you see as a problem? Is it that an
> authentication sequence is a propper subset of a later authentication
> sequence in the list?
Yes. Although "later" is irrelevant. If publickey succeeds, you're in.
You'll never be asked for a password. You're suggesting changing that
behaviour on Cygwin, making it platform-specific. That's bad.
> If I use
>
> Authorder2 publickey:method1,publickey:method2
>
> and the public key succeeds but method1 fails, assuming no agent will the
> user see
>
> publickey
> method1
> method2
>
> or will he see
>
> publickey
> method1
> publickey
> method2
>
> I would hope and vote for the first.
Currently, it should show "method1,method2". This makes the client "do the
right thing" and let you re-try your flubbed password, without making you
re-enter your private key passphrase.
> What I would hope to specify is: publickey (when ssh and sshd userids
> match) and publickey:password (when ssh and sshd userids differ). This
> gets the password to the sshd so that the userid can be changed in
> CygWin. Do you have any thoughts on the syntax for this that would be
> compatible with your syntax?
publickey:cygwinoptpass
and add code to handle the cygwin bizzaro world case.
--
Carson Gaspar - carson at taltos.org
Queen trapped in a butch body
More information about the openssh-unix-dev
mailing list