RFC 4462 empty user name string
Jim Basney
jbasney at ncsa.uiuc.edu
Wed Jul 26 00:47:29 EST 2006
Yes, we find the RFC 4462 empty user name string feature very useful for
the GSI GSSAPI mechanism to ease single sign-on across systems where
usernames differ. For interop, we have to be careful to only send an
empty username if we know the server will accept it. We maintain our
GSI patch for OpenSSH at <http://grid.ncsa.uiuc.edu/ssh/>. I submitted
a version of the patch at
<http://bugzilla.mindrot.org/show_bug.cgi?id=958> which I'd be happy to
update if there's interest.
Cheers,
Jim
David Leonard <David.Leonard at quest.com> wrote:
> I'm all for multiple-auth in sshd, but the current impl appears to
> conflict with an obscure feature of RFC4462 that I have been trying to
> implement, namely where the username field can start off blank and the
> server deduces the username from the credentials. Has anyone else looked
> at this? sshd currently rejects connections when the username field
> changes between separate auth attempts.
>
> d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list