multiple password prompts for a locked account
djm at mindrot.org
Tue Mar 25 09:27:15 EST 2003
Srinidhi H wrote:
> Please forgive me if this the wrong list for my query or if this topic
> is already covered. I searched through the archive but could not find
> any information.
> Here is my problem. If I enable more than one authentication method (say
> public key, keyboard interaction,password) at my SSH server and try to
> login using a locked/expired user account, server prompts for password
> for each authentication method . Since user is already locked isn't it
> better to stop at the first authentication method (i.e. publickey) with
> a appropriate error message? Otherwise this unnecessarily forces the
> user to enter password for each authentication method even though it is
> known that all the methods will fail.
> Is there any reason why it is implemented this way? (which I am obviosly
> missing here)
To stop early would allow probing of existing usernames and allowed authentication methods.
More information about the openssh-unix-dev