IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

secsh-userauth



Hi,

what is the rational for the following paragraphs from
draft-ietf-secsh-userauth-09.txt?

> 2.1.  Authentication Requests
> 
> The user name and service are repeated in every new authentication
> attempt, and MAY change.  The server implementation MUST carefully check
> them in every message, and MUST flush any accumulated authentication
> states if they change.  If it is unable to flush some authentication
> state, it MUST disconnect if the user or service name changes.

why does the server have to disconnect if it is unable (or does not
want) to flush the current authentication state?  is this really a MUST?
I'd prefer a SHOULD, especially since one of the next paragraphs say:

> If the requested user does not exist, the server MAY disconnect, or MAY
> send a bogus list of acceptable authentication methods, but never accept
> any.  This makes it possible for the server to avoid disclosing
> information on which accounts exist.  In any case, if the user does not
> exist, the authentication request MUST NOT be accepted.

So would it be reasonable if the server does the same thing if the username
changes during authentication?

-markus



Home | Main Index | Thread Index | Old Index