Connection caching?
Ben Lindstrom
mouring at etoh.eviladmin.org
Sat May 8 13:05:20 EST 2004
On Sat, 8 May 2004, Darren Tucker wrote:
> Ben Lindstrom wrote:
> > Just keep in mind everytime this has come up. Markus has commented that
> > the code was too complex. So just keep that in mind if you actually start
> > playing.
>
> I know, that's why I was talking about bitmasks, it's the simplest
> implementation I could think of.
>
> Basically, assign a bit to each allowed auth method and create an array
> of valid combinations. As each method succeeds, clear the bit
> corresponding to that method. When one of the masks is clear, the
> authentication is complete.
>
> For example (and ignoring the user specification for now), if password =
> bit 0, pubkey = bit 1 and keyboard-interactive = bit 2,
>
> AuthenticationsForUser fred password+public-key,keyboard-interactive
>
> would boil down to a 2-element array of methods:
>
> 0011
> 0100
>
> After a successful password authentication, clear bit 0 in each:
>
> 0010
> 0100
>
> OK, so none of them are all clear, so set partial-success and keep
> going. And so on.
>
Which is fine, but some around here have expressed a need for ordered
authentication. Which would make a bitmask implementation imposible
without predefining all possible forms of combination.
I'm sure one could argue that moving from a bitmask to character array
where you number 1,2,3,4,5..etc.. for the ordering. However, I'm
still thinking that could become too much. <shrug> One would have to
implement it both ways to see how much added complexity.
- Ben
More information about the openssh-unix-dev
mailing list