passing X11 authentication and authenticated home directories
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 8 09:25:50 EST 2009
On 04/07/2009 05:09 PM, James Ralston wrote:
> Longer-term, though, a better solution would be provide more
> flexibility in how authentication mechanisms are required/specified.
> For example, I would like to be able to say:
>
> gssapi-with-mic || ( publickey && (keyboard-interactive || password))
>
> In English: to authenticate, gssapi-with-mic auth is sufficient.
> Otherwise, publickey auth *AND* one of either (keyboard-interactive,
> password) auth is sufficient.
You might be interested in the commentary and patches associated with
bug 983, tracking the idea of required authentication steps:
https://bugzilla.mindrot.org/show_bug.cgi?id=983
Regards,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20090407/af606144/attachment.bin
More information about the openssh-unix-dev
mailing list