IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: gss userauth
On Wed, 2003-09-03 at 05:24, Nicolas Williams wrote:
> On Tue, Sep 02, 2003 at 12:05:38PM +1000, Damien Miller wrote:
> > Agreed. Abusing partial authentication to fix up a shortcoming in an
> > draft auth method is a kludge to fix a mistake, no other auth method
> > does (or should) work that way. I agree with Markus' suggested solution too.
>
> Partial userauth is useful for and needed to force the use of
> keyboard-interactive when you want users to change their passwords -
> that way users can't bypass password aging by using pubkey, hostbased or
> gss userauth.
My criticism is not a partial userauth (which is useful), but its abuse
to fix the shortcomings of GSSAPI auth.
-d
Home |
Main Index |
Thread Index |
Old Index