Re: userauth and multiple simultaneous requests...

To: "Joseph Galbraith" <galb%vandyke.com@localhost>
Subject: Re: userauth and multiple simultaneous requests...
From: Bill Sommerfeld <sommerfeld%east.sun.com@localhost>
Date: Tue, 18 Dec 2001 19:24:08 -0500

A couple comments on the wording:

   A request that results in further exchange of messages
   will be aborted by second request

by "a" second request ?

   so it is not possible
   to send a second request without waiting for a response
   from the server, if the first request will 

Perhaps "may" here?  Userauth requests could involve variable numbers
of messages (GSSAPI is notorious for this).

   result in
   further exchange of messages.  No SSH_MSG_USERAUTH_FAILURE
   message will be sent for the aborted method.

   SSH_MSG_USERAUTH_SUCCESS MUST be sent only once, and once
   SSH_MSG_USERAUTH_SUCCESS has been sent, any further authentication
   requests received after that SHOULD be silently ignored.

Is there any good reason why the second SHOULD shouldn't be a MUST?
Doesn't seem like it should be hard to get this right..  is there
deployed code which gets this wrong?

					- Bill

Follow-Ups:
- Re: userauth and multiple simultaneous requests...
  - From: Joseph Galbraith

References:
- userauth and multiple simultaneous requests...
  - From: Joseph Galbraith

Prev by Date: userauth and multiple simultaneous requests...
Next by Date: Re: Comment on drafts in last call
Previous by Thread: userauth and multiple simultaneous requests...
Next by Thread: Re: userauth and multiple simultaneous requests...
Indexes:

Home | Main Index | Thread Index | Old Index