Multiple simultaneous userauth requests

To: <ietf-ssh%netbsd.org@localhost>
Subject: Multiple simultaneous userauth requests
From: "Joseph Galbraith" <galb-list%vandyke.com@localhost>
Date: Thu, 29 Nov 2001 16:04:00 -0700

The userauth draft contains this text in section 2.2:

> The client MAY send several authentication
> requests without waiting for responses from
> previous requests.  The server MUST acknowledge
> any failed requests with a SSH_MSG_USERAUTH_FAILURE
> message.  However, SSH_MSG_USERAUTH_SUCCESS MUST
> be sent only once, and once SSH_MSG_USERAUTH_SUCCESS
> has been sent, any further authentication requests
> received after that SHOULD be silently ignored.

This seems overly complicated?  Do any clients
actually do this?

Can't we make things easier on implementers and
just say the multiple simultaneous userauth requests
are illegal?

- Joseph

Follow-Ups:
- Re: Multiple simultaneous userauth requests
  - From: Niels Möller

Prev by Date: forwarded from peter_m_boyd%yahoo.co.uk@localhost: SecSH server functionality on windows
Next by Date: Re: des-cbc cipher
Previous by Thread: forwarded from peter_m_boyd%yahoo.co.uk@localhost: SecSH server functionality on windows
Next by Thread: Re: Multiple simultaneous userauth requests
Indexes:

Home | Main Index | Thread Index | Old Index