Re: gss userauth

To: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
Subject: Re: gss userauth
From: Markus Friedl <markus%openbsd.org@localhost>
Date: Tue, 2 Sep 2003 13:28:00 +0200

On Tue, Sep 02, 2003 at 06:58:02AM -0400, Joel N. Weber II wrote:
> We have two openssh maintainers opposed to the partial authentication
> approach.  And I have a preference against the partial authentication
> method; I've been working on an implementation of the gssapi-mic
> authentication method, and I've also written a patch for gnupg support
> of significant size.
> 
> How much code for an ssh implementation have the partial
> authentication advocates written?

Simon's code for the partial authentication version is not very
large.  However, I don't like the approach of having a 'chain' of
userauth methods for 'gssapi-mic'.

The same reasoning could be used for a challenge-response based
authentication method:  just add a method for sending a challenge
together with 'partial success' and use the existing password method
for response verification.

-m

References:
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joel N. Weber II

Prev by Date: Re: gss userauth
Next by Date: Re: gss userauth
Previous by Thread: Re: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index