Require multiple methods of authentication.. status...
Carson Gaspar
carson at taltos.org
Tue Jun 25 04:19:19 EST 2002
--On Monday, June 24, 2002 10:41 AM -0500 Joshua Johnson
<joshua.johnson at ftlsys.com> wrote:
> What is the status of being able to require a user to perform multiple
> methods of authentication.
I developed a patch a while ago to do this. It was rejected, because the
functionality it provided included specifying the order of the
authentication methods, and was deemed "too complicated". I was told that a
patch that was order insensitive, and could therefore be reduced to a
bitfield, would be acceptable. But that was not enough for my requirement
(force pubkey before password), so I never did it.
Recently, someone has taken my old patch and ported it to a recent release.
See the list archives for details. I haven't looked at it at all, so caveat
emptor.
There is also a patch that integrates the keynote policy language. I
haven't looked at it, as I changed employers and no longer require any of
this (and my free time has been reduced ;-).
--
Carson
More information about the openssh-unix-dev
mailing list