clarification of "compulsory" attributes in publickey subsystem

To: <ietf-ssh%NetBSD.org@localhost>
Subject: clarification of "compulsory" attributes in publickey subsystem
From: "Brent McClure" <mcclure%swcp.com@localhost>
Date: Thu, 29 Jan 2004 17:10:49 -0700

Could I get some clarification about the "compulsory" flag in the
publickey subsystem draft?
http://www.ietf.org/internet-drafts/draft-ietf-secsh-publickey-subsystem-00.txt

The draft talks about how a client can send a "listattributes" request
and the server will respond with zero or more of these responses:

     string    "attribute"
     string    attribute name
     boolean   compulsory

Here is the draft's description of compulsory:

   The "compulsory" field indicates whether this attribute will be
   compulsorily applied to any added keys (irrespective of whether the
   attribute has been specified by the client) due to administrative
   settings on the server.  If the server does not support
   administrative settings of this nature, it MUST return false in the
   compulsory field.

What was the rationale for the compulsory flag? I want to make sure
I understand what we're supposed to do with this flag.

thanks, Brent

References:
- Re: Certificate authentication
  - From: Peter Gutmann
- Re: Certificate authentication
  - From: Damien Miller
- Re: Certificate authentication
  - From: Roumen Petrov

Prev by Date: Re: Certificate authentication
Next by Date: RE: Pending OpenSSH release: contains Kerberos/GSSAPI changes
Previous by Thread: Re: Certificate authentication
Next by Thread: Re: Certificate authentication
Indexes:

Home | Main Index | Thread Index | Old Index