In message <[EMAIL PROTECTED]>, Frank Cusack writes: > > I'm not saying that authentications /should/ be classified according > to technology, only that there definitely should to be a way to > "mandate" that an authentication uses a certain technology. > That said, I don't know how to FORCE a user to use a smartcard > vs. a disk-based key -- a "non-compliant" client implementation > could ignore any flag from the server saying "use x technology". > > Without such a way to FORCE such compliance, a technology flag > is moot. If a publickey auth relies on intrinsic server knowledge > of the public key, it may be administratively possible to force > compliance (and a technology flag may not be /required/), but but would be useful to tell a compliant client which device to use, disk or smartcard, since multiple devices may (will) be available. > if publickey auth is verified via a certificate, then it may > be difficult to force technology compliance. > ~frank
- Re: Generic challenge-repsonse aunetication in ss... Andrew Morgan
- Re: Generic challenge-repsonse aunetication i... Tero Kivinen
- Re: Generic challenge-repsonse auneticati... Andrew Morgan
- Re: Generic challenge-repsonse aunetication in ssh2 Tero Kivinen
- Re: Generic challenge-repsonse aunetication in ss... Niels M�ller
- Re: Generic challenge-repsonse aunetication i... Tero Kivinen
- Re: Generic challenge-repsonse auneticati... Mike Eisler
- Re: Generic challenge-repsonse auneticati... Andreas Siegert
- Re: Generic challenge-repsonse aunet... Tero Kivinen
- Re: Generic challenge-repsonse aunetication in ssh2 Frank Cusack
- Re: Generic challenge-repsonse aunetication in ssh2 Frank Cusack
- Re: Generic challenge-repsonse aunetication in ssh2 Martin Forssen
- Re: Generic challenge-repsonse aunetication in ssh2 Tero Kivinen
- Re: Generic challenge-repsonse aunetication in ssh2 Ivan Popov
- Re: Generic challenge-repsonse aunetication in ssh2 Niels M�ller
- Re: Generic challenge-repsonse aunetication in ssh2 Martin Forssen
