secsh-userauth

To: ietf-ssh%netbsd.org@localhost
Subject: secsh-userauth
From: Markus Friedl <Markus.Friedl%informatik.uni-erlangen.de@localhost>
Date: Thu, 15 Mar 2001 18:34:48 +0100

Hi,

what is the rational for the following paragraphs from
draft-ietf-secsh-userauth-09.txt?

> 2.1.  Authentication Requests
> 
> The user name and service are repeated in every new authentication
> attempt, and MAY change.  The server implementation MUST carefully check
> them in every message, and MUST flush any accumulated authentication
> states if they change.  If it is unable to flush some authentication
> state, it MUST disconnect if the user or service name changes.

why does the server have to disconnect if it is unable (or does not
want) to flush the current authentication state?  is this really a MUST?
I'd prefer a SHOULD, especially since one of the next paragraphs say:

> If the requested user does not exist, the server MAY disconnect, or MAY
> send a bogus list of acceptable authentication methods, but never accept
> any.  This makes it possible for the server to avoid disclosing
> information on which accounts exist.  In any case, if the user does not
> exist, the authentication request MUST NOT be accepted.

So would it be reasonable if the server does the same thing if the username
changes during authentication?

-markus

Follow-Ups:
- Re: secsh-userauth
  - From: Tatu Ylonen

Prev by Date: Re: OpenSSH/scp ->> F-Secure SSH server Problems
Next by Date: Re: OpenSSH/scp ->> F-Secure SSH server Problems
Previous by Thread: Whither USERAUTH_BANNER?
Next by Thread: Re: secsh-userauth
Indexes:

Home | Main Index | Thread Index | Old Index