Re: gss userauth

To: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Subject: Re: gss userauth
From: Damien Miller <djm%mindrot.org@localhost>
Date: 03 Sep 2003 07:04:29 +1000

On Wed, 2003-09-03 at 05:24, Nicolas Williams wrote:
> On Tue, Sep 02, 2003 at 12:05:38PM +1000, Damien Miller wrote:
> > Agreed. Abusing partial authentication to fix up a shortcoming in an
> > draft auth method is a kludge to fix a mistake, no other auth method
> > does (or should) work that way. I agree with Markus' suggested solution too.
> 
> Partial userauth is useful for and needed to force the use of
> keyboard-interactive when you want users to change their passwords -
> that way users can't bypass password aging by using pubkey, hostbased or
> gss userauth.

My criticism is not a partial userauth (which is useful), but its abuse
to fix the shortcomings of GSSAPI auth.

-d

References:
- draft minutes from IETF57 secure shell meeting.
  - From: Bill Sommerfeld
- gss userauth
  - From: Love
- Re: gss userauth
  - From: Love Hörnquist Åstrand
- Re: gss userauth
  - From: Jeffrey Hutzelman
- Re: gss userauth
  - From: Joel N. Weber II
- Re: gss userauth
  - From: Markus Friedl
- Re: gss userauth
  - From: Damien Miller
- Re: gss userauth
  - From: Nicolas Williams

Prev by Date: Re: gss userauth
Next by Date: Re: gss userauth
Previous by Thread: Re: gss userauth
Next by Thread: Re: gss userauth
Indexes:

Home | Main Index | Thread Index | Old Index