IETF-SSH archive


Re: WG Last Call (third time's the charm?) for SSH core drafts



>We would probably need to reword as follows to get
>the strength you want (I'm okay with this.)
>
>   Normally, the server responds to this message with success or
>   failure.  However, if the password has expired the server SHOULD
>   indicate this by responding with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ.
>   In any case the server MUST NOT allow an expired password
>   to be used for authentication.
>
>     byte      SSH_MSG_USERAUTH_PASSWD_CHANGEREQ
>     string    prompt (ISO-10646 UTF-8)
>     string    language tag (as defined in [RFC1766])
>
>   In this case, the client MAY continue with a different
>   authentication method, or request a new password from
>   the user and retry password authentication using the
>   following message. The client MAY also send this message
>   instead of the normal password authentication request
>   without the server asking for it.


I like this wording but it does mean that Bill's "soft password expiration"
isn't workable with this.

Does anyone else care about this?

>> Joseph, do you have this implemented on either side?
>
>Yes.  Both sides.
>
>- Joseph

--
Darren J Moffat
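
The server behaviour in the quoted wording, as an added example that is not code from this thread or from any implementation mentioned in it: it builds and parses the SSH_MSG_USERAUTH_PASSWD_CHANGEREQ packet and shows a password handler that never returns success for an expired password. The message numbers are the ones assigned in the published RFC 4252; the account record layout, the PBKDF2 storage, the prompt text and the choice to reveal expiry only after the old password verifies are assumptions.

```python
import hashlib
import hmac
import struct

# Message numbers as assigned in RFC 4252 (not shown in the mail above).
FAILURE, SUCCESS, PASSWD_CHANGEREQ = 51, 52, 60

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length, then the raw bytes."""
    return struct.pack(">I", len(data)) + data

def encode_changereq(prompt: str, lang: str = "en") -> bytes:
    """byte type, string prompt (UTF-8), string language tag."""
    return (bytes([PASSWD_CHANGEREQ]) + ssh_string(prompt.encode("utf-8"))
            + ssh_string(lang.encode("ascii")))

def decode_changereq(packet: bytes) -> tuple:
    """Client side: parse the packet; reject truncated or trailing data."""
    if packet[:1] != bytes([PASSWD_CHANGEREQ]):
        raise ValueError("not a PASSWD_CHANGEREQ packet")
    fields, pos = [], 1
    for _ in range(2):
        if pos + 4 > len(packet):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from(">I", packet, pos)
        pos += 4
        if pos + n > len(packet):
            raise ValueError("truncated string")
        fields.append(packet[pos:pos + n])
        pos += n
    if pos != len(packet):
        raise ValueError("trailing bytes")
    return fields[0].decode("utf-8"), fields[1].decode("ascii")

def make_account(password: str, expired: bool) -> dict:
    """Constructed sample account record (hypothetical layout, fixed salt)."""
    salt = b"constructed-salt"
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "hash": digest, "expired": expired}

def handle_password_auth(account: dict, password: str) -> bytes:
    """Server side: an expired password never yields SUCCESS."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), account["salt"], 100_000)
    if not hmac.compare_digest(digest, account["hash"]):
        # FAILURE: name-list of methods that can continue, partial success = FALSE
        return bytes([FAILURE]) + ssh_string(b"password") + b"\x00"
    if account["expired"]:  # assumption: reveal expiry only after the old password checks out
        return encode_changereq("Your password has expired; choose a new one.")
    return bytes([SUCCESS])
```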



