Re: gss userauth

[Jeffrey Hutzelman <jhutz%cmu.edu@localhost>]

On Tue, 2 Sep 2003, Markus Friedl wrote:

> why not negotiate the 'mic' capatibility within the user
> authentication method instead of requiring chained methods?

I had a proposal for doing that, but it was pointed out to me by a couple
of people that relying on a server sending SSH_MSG_UNIMPLEMENTED when it
gets a message it doesn't understand is not safe, since some
implementations don't always do so (last I heard, OpenSSH gets this wrong
between the end of initial key exchange and the start of user
authentication; it's reasonable to assume that other implementations get
it wrong at other times).

> > I think we already decided much
> > earlier in the development of this specification that we didn't want to do
> > that; are you suggesting we revisit that decision?
>
> i don't know the use of an authentication mechanism without
> integrity protection.

So you don't implement password or keyboard-interactive any more?

Ordinarily I'd agree with you, but it seems clear to me that in this
context, it's appropriate to consider such methods.  Suppose someone
builds their site around an authentication system that involves a
challenge-response exchange between the server and a smart card held by
the user.  If they build a GSSAPI mechanism for that system, isn't it
reasonable that they be able to use it with ssh, even though it doesn't
provide any sort of shared secret?

-- Jeff