IETF-SSH archive


Re: secsh-userauth



> > So would it be reasonable if the server does the same thing if the username
> > changes during authentication?
> 
> Yes, it would be reasonable to say that the server MUST EITHER disconnect
> OR behave as if the user name did not exist.

I've added this to the last-call issues list.

suggested reword:

   The user name and service are repeated in every new authentication
   attempt, and MAY change.  The server implementation MUST carefully check
   them in every message, and MUST flush any accumulated authentication
   states if they change.  If it is unable to flush some authentication
   state, it MAY immediately disconnect; if it does not disconnect, it
   MUST NOT accept any future authentication requests (handling the
   client as if it had presented a nonexistent user name, as below).
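
The rule in the suggested reword, sketched as server-side state handling. This is an added example, not part of the original message and not code from any SSH implementation. The class, the two-method policy in REQUIRED, and the "unflushable" flag are assumptions for illustration, and it takes the conservative reading that the request which triggers an unflushable change is itself rejected.

```python
# Added illustration of the proposed wording; all names are hypothetical.
from dataclasses import dataclass, field

# Assumed policy: both methods must succeed for the same (user, service).
REQUIRED = {"publickey", "password"}


@dataclass
class AuthSession:
    disconnect_on_unflushable: bool = False
    identity: tuple = None                     # (user name, service) seen so far
    passed: set = field(default_factory=set)   # accumulated partial successes
    unflushable: bool = False                  # models state that cannot be cleared
    rejecting: bool = False                    # once set, every later request fails

    def _flush(self):
        """Drop accumulated state; return False if some state could not be cleared."""
        self.passed.clear()
        return not self.unflushable

    def handle_request(self, user, service, method, credential_ok):
        """Handle one SSH_MSG_USERAUTH_REQUEST.

        Returns 'success', 'partial', 'failure' or 'disconnect'.
        """
        if self.rejecting:
            # Same answer a nonexistent user name would get.
            return "failure"
        if self.identity is not None and (user, service) != self.identity:
            # User name or service changed: earlier successes must not carry over.
            if not self._flush():
                if self.disconnect_on_unflushable:
                    return "disconnect"
                self.rejecting = True
                return "failure"
        self.identity = (user, service)
        if not credential_ok:
            return "failure"
        self.passed.add(method)
        return "success" if REQUIRED <= self.passed else "partial"
```
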



