IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: secsh-userauth
> > So would it be reasonable if the server does the same thing if the username
> > changes during authentication?
>
> Yes, it would be reasonable to say that the server MUST EITHER disconnect
> OR behave as if the user name did not exist.
i've added this to the last-call issues list.
suggested reword:
The user name and service are repeated in every new authentication
attempt, and MAY change. The server implementation MUST carefully check
them in every message, and MUST flush any accumulated authentication
states if they change. If it is unable to flush some authentication
state, it MAY immediately disconnect; if it does not disconnect, it
MUST NOT accept any future authentication requests (handling the
client as if it had presented a nonexistant user name, as below).
Home |
Main Index |
Thread Index |
Old Index