IETF-SSH archive
Re: WG Last Call (third time's the charm?) for SSH core drafts
> > Based on recent traffic I think we might have one outstanding issue,
> > to do with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ. Currently the text allows
> > the client to ignore the message and assume SUCCESS (at least that is how
> > I read it).
>
> I don't read it that way -- the current text is just plain silent
> about both client and server behavior should the client not send a
> password change request.
>
> I assume the proposed fix is to say something like:
>
> server MAY send an error message and drop the connection if
> client fails to send a password change request.
Saying this would make password a stateful mechanism -- something to be
avoided. As things stand, I consider SSH_MSG_USERAUTH_PASSWD_CHANGEREQ a
special failure message that gives the client a hint about what would be
necessary for password authentication to succeed. Any future password
request is independent though, regardless of whether it is a normal
password request or a request that includes a new password.
This was the proposed fix:
Normally, the server responds to this message with success or
failure. However, the server MAY also indicate that the
request failed because the password must be changed by responding
with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ.
      byte      SSH_MSG_USERAUTH_PASSWD_CHANGEREQ
      string    prompt (ISO-10646 UTF-8)
      string    language tag (as defined in [RFC1766])
In this case, the client MAY continue with a different
authentication method, or request a new password from
the user and retry password authentication using the
following message. The client MAY also send this message
instead of the normal password authentication request
without the server asking for it.
- Joseph
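The stateless reading argued for in this message, worked through as an added example (this is not code from the thread, the draft, or any SSH implementation). It encodes the SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message as laid out above, plus the two forms of the "password" USERAUTH_REQUEST from RFC 4252 (the message numbers 50/51/52/60 and the boolean-flag layout are taken from that RFC; the toy server class, the user table, the minimum-length policy and the prompt strings are constructed for this example). The point it demonstrates is that the server remembers nothing from a CHANGEREQ: the same request sent twice gets the same hint, a change request with a wrong old password is an ordinary failure, and a normal request after a successful change simply succeeds.

```python
import hmac
import struct

# Message numbers and the "password" method layout come from RFC 4252.
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_USERAUTH_PASSWD_CHANGEREQ = 60


def put_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def get_string(buf: bytes, off: int):
    """Read one SSH 'string' at offset; returns (bytes, new offset). Rejects truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def encode_changereq(prompt: str, lang: str = "") -> bytes:
    """byte CHANGEREQ, string prompt (UTF-8), string language tag."""
    return (bytes([SSH_MSG_USERAUTH_PASSWD_CHANGEREQ])
            + put_string(prompt.encode("utf-8")) + put_string(lang.encode("ascii")))


def decode_changereq(msg: bytes):
    """Client-side parse of a CHANGEREQ; returns (prompt, language tag)."""
    if not msg or msg[0] != SSH_MSG_USERAUTH_PASSWD_CHANGEREQ:
        raise ValueError("not a PASSWD_CHANGEREQ")
    prompt, off = get_string(msg, 1)
    lang, _ = get_string(msg, off)
    return prompt.decode("utf-8"), lang.decode("ascii")


def encode_password_request(user: str, password: str, new_password=None) -> bytes:
    """USERAUTH_REQUEST, method 'password'. boolean TRUE plus a second string is the change form."""
    msg = (bytes([SSH_MSG_USERAUTH_REQUEST]) + put_string(user.encode("utf-8"))
           + put_string(b"ssh-connection") + put_string(b"password"))
    if new_password is None:
        return msg + b"\x00" + put_string(password.encode("utf-8"))
    return msg + b"\x01" + put_string(password.encode("utf-8")) + put_string(new_password.encode("utf-8"))


# FAILURE carries the name-list of methods that can continue and a partial-success boolean.
FAILURE_MSG = bytes([SSH_MSG_USERAUTH_FAILURE]) + put_string(b"password") + b"\x00"
SUCCESS_MSG = bytes([SSH_MSG_USERAUTH_SUCCESS])


class StatelessPasswordAuth:
    """Toy server-side handler (constructed for this example). Every request is judged on its
    own; nothing from an earlier CHANGEREQ is carried over to the next request."""

    def __init__(self, users: dict, min_len: int = 8):
        # users: {name: {"password": str, "expired": bool}}  (constructed sample data)
        self.users = users
        self.min_len = min_len

    def _password_ok(self, user: str, password: bytes) -> bool:
        rec = self.users.get(user)
        if rec is None:
            # Burn a comparison so an unknown user costs about the same as a wrong password.
            hmac.compare_digest(b"\x00" * 32, password)
            return False
        return hmac.compare_digest(rec["password"].encode("utf-8"), password)

    def handle(self, msg: bytes) -> bytes:
        try:
            return self._handle(msg)
        except ValueError:          # malformed or truncated request: plain failure
            return FAILURE_MSG

    def _handle(self, msg: bytes) -> bytes:
        if not msg or msg[0] != SSH_MSG_USERAUTH_REQUEST:
            return FAILURE_MSG
        user_b, off = get_string(msg, 1)
        _service, off = get_string(msg, off)
        method, off = get_string(msg, off)
        if method != b"password" or off >= len(msg):
            return FAILURE_MSG
        change = msg[off] != 0
        password, off = get_string(msg, off + 1)
        user = user_b.decode("utf-8")
        # The old password must be right in both forms; a change request is not a free pass.
        if not self._password_ok(user, password):
            return FAILURE_MSG
        if not change:
            if self.users[user]["expired"]:
                return encode_changereq("Your password has expired; please choose a new one.")
            return SUCCESS_MSG
        new_password, _ = get_string(msg, off)
        if len(new_password) < self.min_len:
            # Same hint again; the client may retry or switch method, no state is kept here.
            return encode_changereq("New password too short; please choose another.")
        self.users[user]["password"] = new_password.decode("utf-8")
        self.users[user]["expired"] = False
        return SUCCESS_MSG


def classify_response(msg: bytes) -> str:
    """Client side: map a server reply onto the three outcomes the draft text describes."""
    if msg[:1] == SUCCESS_MSG:
        return "success"
    if msg and msg[0] == SSH_MSG_USERAUTH_PASSWD_CHANGEREQ:
        return "change_required"
    return "failure"
```

Because the handler keeps no per-connection flag, a client that ignores the hint cannot "assume SUCCESS": its next plain password request is evaluated afresh and gets the same CHANGEREQ, while a change request with the correct old password and an acceptable new one succeeds on its own.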