IETF-SSH archive
Re: secsh-userauth
On Thu, Mar 15, 2001 at 09:54:12PM +0200, Tatu Ylonen wrote:
> > > The user name and service are repeated in every new authentication
> > > attempt, and MAY change. The server implementation MUST carefully check
> > > them in every message, and MUST flush any accumulated authentication
> > > states if they change. If it is unable to flush some authentication
> > > state, it MUST disconnect if the user or service name changes.
> >
> > why does the server have to disconnect if it is unable (or does not
> > want) to flush the current authentication state? is this really a MUST?
> > I'd prefer a SHOULD, especially since one of the next paragraphs says:
>
> It is a MUST, because some authentication methods may accumulate implicit
> state in global variables. For example, certain styles of implementing
> PAM or Kerberos based authentication may leave tickets or other data in
> essentially global data.
yes, i understand this, my question was ambiguous: i was not
asking about the 'MUST flush', but the 'MUST disconnect'.
> > So would it be reasonable if the server does the same thing if the username
> > changes during authentication?
>
> Yes, it would be reasonable to say that the server MUST EITHER disconnect
> OR behave as if the user name did not exist.
ok, so this is another issue for the meeting?
-markus
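The requirement under discussion (check user name and service in every SSH_MSG_USERAUTH_REQUEST, flush accumulated state when they change, disconnect when that state cannot be flushed) and Tatu's proposed alternative (disconnect OR behave as if the user name did not exist) can be modelled as a small per-connection state machine. The following is an added illustration written for this archive page; it is not code from the draft, from any SSH implementation, or from either author. Everything in it is an assumption made for the example: the class and method names, the `credential_ok` flag that stands in for the real per-method credential check, the constructed `kerberos` method label representing a method that leaves data in global storage, and the reading of "behave as if the user name did not exist" as "flush, then reject every further attempt on this connection".

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import FrozenSet, List, Optional, Set


class Outcome(Enum):
    # Message the server would send back for this request (names as in the draft).
    FAILURE = "SSH_MSG_USERAUTH_FAILURE"      # keep going; partial success is possible
    SUCCESS = "SSH_MSG_USERAUTH_SUCCESS"
    DISCONNECT = "SSH_MSG_DISCONNECT"


@dataclass
class UserauthRequest:
    """The fields of SSH_MSG_USERAUTH_REQUEST that matter here. `credential_ok`
    is a constructed stand-in for the method-specific credential check."""
    user: str
    service: str
    method: str
    credential_ok: bool


@dataclass
class ConnectionState:
    user: Optional[str] = None
    service: Optional[str] = None
    completed: Set[str] = field(default_factory=set)  # methods that have succeeded so far
    unflushable: bool = False        # some method left state we cannot undo (global PAM/Kerberos data)
    treat_as_unknown: bool = False   # names changed: act as if the user name did not exist


class UserauthServer:
    """Server-side userauth tracker for one connection (hypothetical API)."""

    def __init__(self, required: FrozenSet[str], leaves_global_state: FrozenSet[str],
                 on_name_change: str = "disconnect"):
        if on_name_change not in ("disconnect", "treat_as_unknown"):
            raise ValueError(f"unknown policy {on_name_change!r}")
        self.required = required                      # methods that must all succeed
        self.leaves_global_state = leaves_global_state  # methods whose state cannot be flushed
        self.on_name_change = on_name_change
        self.state = ConnectionState()

    def handle(self, req: UserauthRequest) -> Outcome:
        st = self.state
        if st.user is None:
            # First request on this connection: remember the names we are authenticating.
            st.user, st.service = req.user, req.service
        elif (req.user, req.service) != (st.user, st.service):
            # Names changed mid-authentication. The draft text: flush, and if
            # flushing is impossible, disconnect. Tatu's alternative: disconnect
            # OR behave as if the user name did not exist.
            if st.unflushable or self.on_name_change == "disconnect":
                return Outcome.DISCONNECT
            st.completed.clear()                  # flush the accumulated partial successes
            st.user, st.service = req.user, req.service
            st.treat_as_unknown = True
        if st.treat_as_unknown:
            # Same observable behaviour as for a nonexistent user: never succeed.
            return Outcome.FAILURE
        if not req.credential_ok:
            return Outcome.FAILURE
        st.completed.add(req.method)
        if req.method in self.leaves_global_state:
            st.unflushable = True                 # e.g. a ticket now sits in process-global data
        if self.required <= st.completed:
            return Outcome.SUCCESS
        return Outcome.FAILURE


def run(server: UserauthServer, requests: List[UserauthRequest]) -> List[Outcome]:
    """Feed requests in order and stop after SUCCESS or DISCONNECT, as a server would."""
    outcomes = []
    for req in requests:
        outcome = server.handle(req)
        outcomes.append(outcome)
        if outcome is not Outcome.FAILURE:
            break
    return outcomes


if __name__ == "__main__":
    # Constructed requests: two-method login where the user name changes midway.
    R = UserauthRequest
    srv = UserauthServer(frozenset({"publickey", "password"}), frozenset({"kerberos"}),
                         on_name_change="treat_as_unknown")
    for outcome in run(srv, [R("alice", "ssh-connection", "publickey", True),
                             R("bob", "ssh-connection", "password", True),
                             R("bob", "ssh-connection", "publickey", True)]):
        print(outcome.value)
```

The `kerberos` method is the only one marked as leaving global state, so a name change after it has succeeded always ends in SSH_MSG_DISCONNECT under either policy; after a flushable partial success the `treat_as_unknown` policy clears the completed set and the connection can never reach SSH_MSG_USERAUTH_SUCCESS, while the `disconnect` policy drops it immediately.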