Re: gss userauth

To: Jeffrey Hutzelman <jhutz%cmu.edu@localhost>
Subject: Re: gss userauth
From: Markus Friedl <markus%openbsd.org@localhost>
Date: Tue, 2 Sep 2003 19:51:35 +0200

On Tue, Sep 02, 2003 at 12:22:03PM -0400, Jeffrey Hutzelman wrote:
> My approach was to have new clients just send a new message containing the
> MIC, in place of the empty "exchange complete" message that current
> clients send.  An old server receiving this new message would send
> SSH_MSG_UNIMPLEMENTED, and the new client would reply with the old
> completion message.

but this would be a 'hack' not an improved replacement for "gssapi"

> I don't see any way to introduce up-front negotiation into an existing
> mechanism that doesn't already have it, without breaking interoperability
> with the existing implementations.  If you have a suggestion that will
> work, please let me know.

why not use a new method name if there are many existing implementations?

Follow-Ups:
- Re: gss userauth
  - From: Jeffrey Hutzelman

References:
- Re: gss userauth
  - From: Jeffrey Hutzelman

Prev by Date: Re: gss userauth
Next by Date: Re: gss userauth
Previous by Thread: Re: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index