No interest in partial auth?

[Joel N. Weber II]

> I was told that the functionality I added was "too complex", and that the 
> most they'd accept was a bitfield (as opposed to my ordered list). As that 
> was useless for my needs, I gave up on it ever being added to the mainline 
> OpenSSH code. Once I left the employer that I had developed it for, I 
> stopped maintaining the code.

If that code has a reasonable license, I'd be interested in taking a
look at it.

> Good luck convincing the Cabal that it serves a useful purpose - I 
> couldn't, and I'm unwilling to take on the burden of maintaining a forked 
> project.

I have some interest in this sort of thing, because I'd like to be
able to use s/key logins that are also protected by a password, so
that I can carry around a list of s/key passwords and still have some
minimal protection against a stolen wallet.  However, I'm not entirely
convinced that a smartcard wouldn't be just as good a solution, if I
can get all the bits for that to work.

Given the openbsd folk's unwillingness to merge the gss key exchange
stuff, it's obvious that there's always going to be a certain amount
of forkedness to openssh.