control of auth methods

Damien Miller djm at mindrot.org
Sat May 8 15:45:28 EST 2004


Darren Tucker wrote:
> Damien Miller wrote:
> 
> 
>>Perhaps we would be willing to add a single "AuthMethods xxx,yyy,zzz",
>>where xxx, etc are the auth method names used in the protocol. We'd have
>>to keep the older names around for a fair while to stop breakage.
> 
> 
> How should methods that have different names between protocols 1 and 2 
> be handled?  E.g. ChallengeResponseAuthentication is "challenge-response" 
> for v1 but "keyboard-interactive" for v2.
> 
> I.e., would "AuthMethods keyboard-interactive" enable challenge-response 
> in v1?

Good point. Two obvious options:

1. Don't use protocol method names - use short names instead and make
them common between protocols. E.g. pubkey, password, challresp

2. Have separate AuthMethods1 and AuthMethods2 controls. AuthMethods1
would require some poetic license, as the actual auth methods are
identified by number :)

Given what we want to do for PermitRootLogin, perhaps the former would
lend itself to code sharing the most.

-d




More information about the openssh-unix-dev mailing list